EPICenter 4.1 Installation and User Guide

EPICenter™ Software
Installation and User Guide
Version 4.1
Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
http://www.extremenetworks.com
Published: June, 2003
Part number: 100143-00 Rev. 01
©2003 Extreme Networks, Inc. All rights reserved. Extreme Networks and BlackDiamond are registered trademarks of
Extreme Networks, Inc. in the United States and certain other jurisdictions. EPICenter, ExtremeWare, ExtremeWare Vista,
ExtremeWorks, ExtremeAssist, ExtremeAssist1, ExtremeAssist2, PartnerAssist, Extreme Standby Router Protocol, ESRP,
SmartTraps, Alpine, Summit, Summit1, Summit4, Summit4/FX, Summit7i, Summit24, Summit48, Summit Virtual
Chassis, SummitLink, SummitGbX, SummitRPS and the Extreme Networks logo are trademarks of Extreme Networks,
Inc., which may be registered or pending registration in certain jurisdictions. The Extreme Turbodrive logo is a service
mark of Extreme Networks, which may be registered or pending registration in certain jurisdictions. Specifications are
subject to change without notice.
Solaris is a trademark of Sun Microsystems, Inc.
This product includes software developed by the Apache Software Foundation (http://www.apache.org).
This product contains copyright material licensed from AdventNet, Inc. (http://www.adventnet.com). All rights to such
copyright material rest with AdventNet.
All other registered trademarks, trademarks and service marks are property of their respective owners.
2
Contents
Preface
Chapter 1
Introduction
Terminology
17
17
Conventions
18
Related Publications
19
EPICenter and Policy Manager Overview
Introduction
21
Summary of Features
Simple Inventory Management
The Alarm System
The Configuration Manager
The Grouping Manager
The IP/MAC Address Finder
Interactive Telnet Applet
ExtremeView Configuration and Status Monitoring
Real-Time Statistics
Topology Views
Enterprise-wide VLAN Management
The ESRP Manager
The STP Monitor
Dynamic Reports
Distributed Server Mode
Security Management
EPICenter Stand-alone Utilities
22
23
23
23
23
24
24
24
24
25
25
25
26
26
26
26
27
EPICenter Components
Extreme Networks Switch Management
27
28
Extreme Networks Device Support
29
Third-Party Device Support
29
Overview of the Policy Manager
29
EPICenter Software Installation and User Guide
3
Contents
Chapter 2
Basic EPICenter Policy Definition
30
Policy Types
Access-based Security Policies
IP-Based Policies (Access List Policies)
Source Port Policies
VLAN Policies
31
31
33
36
37
Policy Named Components
38
Policy Access Domain and Scope
41
Using Groups in Policy Definitions
Precedence Relationships within the Policy Manager
42
43
Policy Configuration
43
Cisco Device Support
Cisco Port Mappings
Limitations on Cisco Device Support
44
44
44
EPICenter Policy Limitations
45
Installing the EPICenter Software
Installation Overview
47
Server Requirements
Windows 2000 or Windows XP
Solaris
48
48
48
Client Requirements
49
Browser Requirements for Reports
49
EPICenter Software Licensing
Obtaining an Evaluation License
Obtaining a Permanent License
Upgrading an Evaluation License
Adding a License for an Optional Product
50
50
50
50
51
Upgrading from a Previous Release
51
Installing on a Windows 2000 or Windows XP System
Adding or Updating the License Key
52
55
Installing on a Solaris System
Required Patches
Local Name Resolution
Installing the EPICenter Server
Adding or Updating a License Key
Setting Up SNMP Version 3 for Solaris and Windows
56
56
56
56
61
62
Installing the EPICenter Client
62
Installing the Stand-Alone Client Application on Windows 2000 or Windows XP
63
Installing the Stand-Alone Client Application in the Solaris Operating Environment 64
4
EPICenter Software Installation and User Guide
Contents
Uninstalling the EPICenter Software
Uninstalling the EPICenter Server on Windows 2000 or Windows XP
Uninstalling the EPICenter Stand-Alone Client Application on Windows 2000 or
Windows XP
Uninstalling the EPICenter Server in Solaris
Uninstalling the EPICenter Stand-Alone Client Application in Solaris
Chapter 3
Chapter 4
66
66
67
67
68
Starting EPICenter
Running the EPICenter Server Software under Windows
Starting the EPICenter Server
Shutting Down the EPICenter Server Components
Restarting the EPICenter Server Components as Services
69
69
70
71
Running the EPICenter Server Software under Solaris
Starting or Restarting the EPICenter Server
Shutting Down the EPICenter Server Components
71
71
71
The EPICenter Client
72
Running the EPICenter Stand-alone Client
Viewing Reports from the Stand-Alone Client
72
74
Running the EPICenter Client in a Browser
74
The Network Status Summary Report Page
The Distributed Server Summary
The “About EPICenter” Page
77
78
79
Navigating the EPICenter Applications
The Navigation Toolbar
Main Applet Frame
The Component Tree
The Status/Detail Information Panel
Moving the Component Tree Boundary
Resizing Columns
Sorting Columns
Applet Function Buttons
Printing from EPICenter
80
80
82
82
83
84
84
85
85
86
Using the Inventory Manager
Overview of the EPICenter Device Inventory
Gathering Device Status Information
87
88
Displaying the Network Device Inventory
89
Viewing Device Status Information
Viewing Device Information from Pop-up Menus
90
92
Discovering Network Devices
95
EPICenter Software Installation and User Guide
5
Contents
Chapter 5
6
Adding Devices and Device Groups
Adding a Device
Creating a Device Group
100
100
102
Modifying Devices and Device Groups
Modifying a Device
Modifying a Device Group
104
104
107
Deleting Devices and Device Groups from the Database
Deleting a Device
Deleting a Device Group
109
109
110
Updating Device Information
111
Configuring Default Access Parameters
112
Finding Devices
114
Displaying Properties
All Device Group Properties
Device Properties
115
115
117
The EPICenter Alarm System
Overview of the EPICenter Alarm System
121
The Alarm Log Browser
Acknowledging an Alarm
Deleting Alarm Log Entries
Deleting Groups of Log Entries
Viewing Alarm Details
Filtering the Alarm Display
Deleting Alarm Log Filters
Pausing All Alarms
122
124
124
124
126
126
128
129
Defining Alarms
Creating a New Alarm Definition
Modifying Alarm Definitions
Deleting Alarm Definitions
129
130
138
138
Alarm Categories
Creating a New Alarm Category
Modifying an Alarm Category
Deleting an Alarm Category
138
138
139
139
Threshold Configuration
Creating an Event Rule
Modifying a Rule
Deleting a Rule
Resynchronizing the RMON Rules
Configuring Other SNMP Trap Events
139
142
150
151
151
152
Configuring EPICenter as a Syslog Receiver
153
EPICenter Software Installation and User Guide
Contents
Chapter 6
Chapter 7
Setting EPICenter as a Trap Receiver
153
Log Archive
154
Writing Tcl Scripts for Alarm Actions
The Tcl Scripting Environment
155
155
Configuration Manager
Overview of the Configuration Manager
Viewing Device Information from Pop-up Menus
157
159
Uploading Configurations from Devices
163
Archiving Configuration Settings
Device Schedules
Global Schedules
165
165
167
Downloading Configuration Information to a Device
168
Downloading an Incremental Configuration to Devices
Creating an Incremental Configuration File
169
170
Upgrading Software Images
Performing a Multi-Step Upgrade
Upgrading Images on Devices
Upgrading BootROM on Devices
Upgrading Slot Images on Modular Devices
170
171
173
177
178
Selecting Software Images
181
Specifying the Current Software Versions
182
Performing a Live Software Update
Obtaining New Software Images
183
184
Configuring the TFTP Server
186
Finding Devices
187
Displaying Properties
Device Group Properties
Device Properties
187
188
188
Using the Interactive Telnet Application
Overview of the Interactive Telnet Applet
191
Using Telnet with Extreme Switches
Running ExtremeWare Command Macros
Running a Telnet Session on an Individual Switch
191
192
196
Using Interactive Telnet with Third-Party Devices
199
EPICenter Software Installation and User Guide
7
Contents
Chapter 8
Chapter 9
8
Viewing Device Information from Pop-up Menus
Properties
Alarms
Browse
EView
Statistics
Sync
VLANs
199
199
200
200
200
200
201
201
Finding Devices
201
Displaying Properties
Device Group Properties
Device Properties
202
202
202
The Grouping Manager
Overview of the Grouping Manager
205
Displaying EPICenter Groups and Resources
Resource Details
Grouping Manager Functions
207
209
210
Creating a New Resource
211
Deleting Resources
213
Adding a Resource as a Child of a Group
213
Removing A Child Resource from a Group
216
Adding Relationships to a Resource
Removing Relationships from a Resource
216
218
Adding and Removing Attributes
219
Searching for a Resource
Setting up a Resource Search
Searching from the Main Toolbar
Searching from the Add Resources or Add Relationship Window
221
222
224
225
Importing Resources
Importing from an LDAP Directory
Importing from a File
Importing from an NT Domain Controller or NIS Server
225
227
228
232
Using the IP/MAC Address Finder
Overview of the IP/MAC Finder Applet
ExtremeWare Software Requirements
233
234
Tasks List Summary Window
234
Creating a Search Task
236
EPICenter Software Installation and User Guide
Contents
Detailed Task View
Exporting Task Results to a Text File
Chapter 10
Chapter 11
238
240
Using ExtremeView
Overview of the ExtremeView Application
243
Viewing Device Status Information
244
Viewing Switch Configuration Information
248
Viewing Switch Statistics
253
Finding Devices
255
Viewing Device Information from Pop-up Menus
Properties
Alarms
Browse
Statistics
Sync
Telnet
VLANs
256
256
257
257
258
258
258
258
Displaying Properties
Device Group Properties
Device Properties
Slot Properties
Port Properties
259
259
259
260
263
Real-Time Statistics
Overview of Real-Time Statistics
267
Displaying Multi-port Statistics
269
Displaying Statistics For a Single Port
271
Changing the Display Mode
273
Setting Graph Preferences
274
Taking Graph Snapshots
277
Viewing Device Information from Pop-up Menus
Properties
Alarms
Browse
EView
Sync
Telnet
VLANs
279
279
279
280
280
280
280
281
EPICenter Software Installation and User Guide
9
Contents
Displaying Properties
Device Group Properties
Device Properties
Slot Properties
Port Properties
Chapter 12
Chapter 13
10
281
281
281
282
283
Network Topology Views
Overview of EPICenter Topology Views
285
Displaying a Network Topology View
Map Elements
Map Element Description Panel
286
287
291
Manipulating Topology Views and Maps
Creating a New View or a New Map
Node Placement Criteria in an Auto Populate View
Adding Elements to the Map
Editing the Map
Setting View Properties
Map Viewing Functions
292
293
294
297
301
304
305
Displaying VLAN Information
313
Using the Tools Menu
Mark Links Mode
Adding Links to a VLAN
Connecting an Edge Port to a VLAN
Device Alarms
Device Browse
Device Statistics
Device Telnet
Device View
Device VLANs
Device Properties
315
315
315
317
318
319
319
319
319
320
320
Using the VLAN Manager
Overview of Virtual LANs
321
Displaying a VLAN
Viewing VLANs on a Switch
Viewing Switches in a VLAN
Viewing VLAN Member Ports
Viewing Device Information from Pop-up Menus
322
324
325
326
328
Adding a VLAN
330
Deleting a VLAN
333
EPICenter Software Installation and User Guide
Contents
Chapter 14
Chapter 15
Chapter 16
Modifying a VLAN
Modifying a VLAN from the Toolbar
Modifying a VLAN from the Component Tree Menu
334
335
337
Adding and Deleting Protocol Filters
338
The Spanning Tree Monitor
Overview of the Spanning Tree Monitor
341
Displaying STP Domain Information
Displaying STP VLAN Configurations
Displaying STP Device Configurations
Displaying STP Port Information
342
344
344
346
Viewing STP Domain Properties from Pop-Up Menus
STP Properties
VLAN Properties
The Device Pop-Up Menu
347
347
348
348
The ESRP Manager
Overview of the ESRP Manager
351
Viewing ESRP Detail Information
353
Administering EPICenter
Overview of User Administration
Controlling EPICenter Access
The EPICenter RADIUS Server
Setting EPICenter Server Properties
355
355
356
356
Starting the EPICenter Client for the First Time
Changing the Admin Password
357
358
Adding or Modifying User Accounts
358
Deleting Users
360
Changing Your Own User Password
360
RADIUS Administration
RADIUS Server Configuration
RADIUS Client Configuration
Disabling RADIUS for EPICenter
361
362
363
363
Server Properties Administration
Devices Properties
Scalability Properties
SNMP Properties
Topology Properties
External Connection Properties
Other Properties
363
365
366
367
368
369
369
EPICenter Software Installation and User Guide
11
Contents
Distributed Server Administration
Configuring a Server Group Member
Configuring a Server Group Manager
Chapter 17
Chapter 18
12
370
371
372
Dynamic Reports
Overview of EPICenter Reports
373
Network Status Summary Report
374
Dynamic Reports
375
Viewing Predefined EPICenter Reports
Report Filtering
Server State Summary Report
Device Inventory Report
Slot Inventory Report
Device Status Report
VLAN Summary Report
Voice VLAN Summary Report
Interface Report
Resource to Attribute Mapping Report
Unused Ports Report
User to Host Mapping Report
Network Login Report
Alarm Log Report
Event Log Report
System Log Report
Configuration Management Log Report
376
376
378
379
381
382
382
383
383
384
385
385
386
386
387
387
388
Printing EPICenter Reports
389
Exporting Reports
389
Creating New Reports
Creating or Modifying a Report
Adding a User-Defined Report to the Reports Menu
Debugging
389
391
392
392
Voice over IP Manager
Overview of Voice Over IP Management
395
Viewing VoIP VLAN Settings
395
Selecting VLANs for VoIP
397
QoS Settings for a VoIP VLAN
Default Configuration Attributes
Minimum Bandwidth Calculations
400
401
402
Configuring QoS Settings
404
EPICenter Software Installation and User Guide
Contents
Chapter 19
Chapter 20
VoIP Reports
Voice VLAN Summary Report
407
407
Known Behaviors and Problems
407
Using the Policy Manager
Using the Policy Manager
409
Policies View
Policy Definition Page
Policy Traffic Page
411
412
414
Creating a New Policy
416
Edit Policy Endpoints Window
423
Edit Policy Access Domain/Policy Scope Window
425
Modifying Policies
427
Deleting a Policy
429
Resetting a Policy
429
Configuring Policy Precedence
430
Viewing and Modifying QoS Profiles
431
Configuring QoS Policies
Auto Configuration
Directed Configuration
433
433
434
The ACL Viewer
ACL Viewer Summary Displays
438
Access List Display
Policy Rule Comparison
View Policy Rules
View Configured Rules
439
441
442
442
VLAN QoS Display
Policy Rule Comparison
View Policy Rules
443
444
445
Source Port QoS Display
Policy Rule Comparison
View Policy Rules
View Configured Rules
445
447
448
448
QoS Profile Display
449
Network Login/802.1x Display
450
Cisco Device Policy Setup
451
EPICenter Software Installation and User Guide
13
Contents
Appendix A
Appendix B
14
Troubleshooting
Troubleshooting Aids
Using the Stand-alone Client Application
Using the Browser-based Client (Windows Only)
455
455
456
EPICenter Client
457
EPICenter Database
458
EPICenter Server Issues
459
VLAN Manager
461
Alarm System
462
ESRP Manager
464
Inventory Manager
464
ExtremeView
465
Grouping Manager
466
Printing
466
Topology
466
STP Monitor
467
Reports
467
EPICenter Utilities
The DevCLI Utility
Using the DevCLI Commands
DevCLI Examples
469
470
472
Inventory Export Scripts
Using the Inventory Export Scripts
Inventory Export Examples
473
473
475
The SNMPCLI Utility
Using the SNMPCLI Utility
SNMPCLI Examples
476
476
477
Port Configuration Utility
477
The AlarmMgr Utility
Using the AlarmMgr Command
AlarmMgr Output
AlarmMgr Examples
479
479
481
481
The FindAddr Utility
Using the FindAddr Command
FindAddr Output
FindAddr Examples
481
482
483
484
EPICenter Software Installation and User Guide
Contents
Appendix C
Appendix D
Appendix E
Appendix F
The TransferMgr Utility
Using the TransferMgr Command
TransferMgr Examples
484
484
486
The VlanMgr Utility
Using the VlanMgr Command
VlanMgr Output
VlanMgr Examples
487
487
489
489
The ImportResources Utility
Using the ImportResources Command
ImportResources Examples
490
490
492
EPICenter External Access Protocol
External Access Protocol Overview
493
External Access Protocol Structure
EPICenter Server Commands
493
496
Tcl Client API
Installing and Using the Tcl Client API
Tcl Exported Functions
498
499
499
EPICenter Database Views
Device Report View
505
Interface Report View
507
Database Event Log View
508
Database Alarm Log View
509
Event Types for Alarms
SNMP Trap Events
511
RMON Rising Trap Events
515
RMON Falling Trap Events
515
EPICenter Events
516
EPICenter Backup
EPICenter Log Backups
517
Database Utilities
518
The Validation Utility
Using the DBVALID Command-line Utility
Database Connection Parameters
518
518
519
EPICenter Software Installation and User Guide
15
Contents
The Backup Utility
The DBBACKUP Command-line Utility
Database Connection Parameters
Installing a Backup Database
Appendix G
Appendix H
16
519
519
520
520
Dynamic Link Context System (DLCS)
Overview of DLCS
523
Using DLCS with the Policy Manager
523
DLCS Properties
524
Enabling DLCS on an Extreme Switch
524
DLCS Limitations
ISQ Improvements
524
525
EPICenter Policy System Feature Comparison
ExtremeWare 6.2 Features Supported
527
ExtremeWare 6.0.x and 6.1.x Features Supported
528
ExtremeWare 5.x Features
529
ExtremeWare 4.x Features
530
Cisco Internetworking Operating System (IOS) 11.2 Features
531
EPICenter Policy Issues and Limitations
531
EPICenter Software Installation and User Guide
Preface
This preface provides an overview of this guide, describes guide conventions, and lists other useful
publications.
Introduction
This guide provides the required information to use the EPICenter software. It is intended for use by
network managers who are responsible for monitoring and managing Local Area Networks, and
assumes a basic working knowledge of:
• Local Area Networks (LANs)
• Ethernet concepts
• Ethernet switching and bridging concepts
• Routing concepts
• The Simple Network Management Protocol (SNMP)
NOTE
If the information in the EPICenter Release Note and Quick Start Guide shipped with your software
differs from the information in this guide, follow the Release Note.
Terminology
When features, functionality, or operation is specific to the Summit, Alpine, or BlackDiamond switch
family, the family name is used. Explanations about features and operations that are the same across all
Extreme switch product families simply refer to the product as the “Extreme device” or “Extreme
switch.” Explanations about features that are the same for all devices managed by EPICenter (both
Extreme devices and others) are simply refer to “devices.”
EPICenter Software Installation and User Guide
17
Preface
Conventions
Table 1 and Table 2 list conventions that are used throughout this guide.
Table 1: Notice Icons
Icon
Notice Type
Alerts you to...
Note
Important features or instructions.
Caution
Risk of unintended consequences or recoverable loss of data.
Warning
Risk of permanent loss of data.
.
Table 2: Text Conventions
Convention
Description
Screen displays
This typeface represents information as it appears on the screen.
Screen displays
bold
This typeface indicates how you would type a particular command.
The words “enter”
and “type”
When you see the word “enter” in this guide, you must type something, and then press
the Return or Enter key. Do not press the Return or Enter key when an instruction
simply says “type.”
[Key] names
Key names appear in text in one of two ways. They may be
•
referred to by their labels, such as “the Return key” or “the Escape key.”
•
written with brackets, such as [Return] or [Esc].
If you must press two or more keys simultaneously, the key names are linked with a
plus sign (+). For example:
Press [Ctrl]+[Alt]+[Del].
Words in bold type
Bold text indicates a button or field name.
Words in italicized type
Italics emphasize a point or denote new terms at the place where they are defined in
the text.
18
EPICenter Software Installation and User Guide
Related Publications
Related Publications
The EPICenter documentation set includes the following:
• The EPICenter Software Installation and User Guide (the manual you are reading)
• EPICenter SE Release Note and Quick Start Guide
• EPICenter License Agreement
The EPICenter Software Installation and User Guide can be found online in Adobe Acrobat PDF format, in
the docs subdirectory of the EPICenter installation directory. You must have Adobe Acrobat Reader
version 3.0 or later (available from http://www.adobe.com free of charge).
Other manuals that you will find useful are:
• ExtremeWare Software User Guide
• ExtremeWare Quick Reference Guide
For documentation on Extreme Networks products, and for general information about Extreme
Networks, see the Extreme Networks home page:
• http://www.extremenetworks.com
Customers with a support contract can access the Technical Support pages at:
• http://www.extremenetworks.com/support/database.htm
The technical support pages provide the latest information on Extreme Networks software products,
including the latest Release Note, information on known problems, downloadable updates or
patches as appropriate, and other useful information and resources.
Customers without contracts can access manuals and patches at:
• http://www.extremenetworks.com/support/documentation.asp
EPICenter Software Installation and User Guide
19
Preface
20
EPICenter Software Installation and User Guide
1
EPICenter and Policy Manager
Overview
This chapter describes:
• The features of the EPICenter™ software
• The EPICenter software components
• An overview of the Policy Manager features
• An introduction to the concepts that are fundamental to creating policies using the EPICenter Policy
Manager
• A brief comparison of the features available through the EPICenter Policy Manager with the features
available through the ExtremeWare Command Line Interface (CLI)
Introduction
Today's corporate networks commonly encompass hundreds or thousands of systems, including
individual end user systems, servers, network devices such as printers, and internetworking systems.
Extreme Networks™ recognizes that network managers have different needs, and delivers a suite of
ExtremeWare™ management tools to meet those needs.
EPICenter is a powerful yet easy-to-use application suite that facilitates the management of a network
of Summit™, BlackDiamond™, and Alpine™ switches, as well as selected third-party switches. EPICenter
makes it easier to perform configuration and status monitoring, create virtual LANs (VLANs), and
implement policy-based networking in enterprise LANs with Extreme Networks switches. EPICenter
offers a comprehensive set of network management tools that are easy to use from a client workstation
running EPICenter client software, or from a workstation configured with a web browser and the Java
plug-in.
EPICenter leverages the three-tier client/server architecture framework represented by Java applets, and
can be accessed using Microsoft Internet Explorer or with Sun’s Java Plug-in. The EPICenter application
and database support two of the most popular operating environments in the marketplace, Microsoft
Windows 2000/XP and Sun Microsystems Solaris. Integration with HP OpenView and other third-party
network management software products provides additional flexibility.
EPICenter Software Installation and User Guide
21
EPICenter and Policy Manager Overview
Summary of Features
In large corporate networks, network managers need to manage systems “end to end.” The EPICenter
software is a powerful, flexible and easy-to-use application for centralizing the management of a
network of Extreme switches and selected third-party devices, regardless of the network size. The
EPICenter software provides the vital SNMP, HTML, and CLI-based tools you need for network-wide
management of Extreme Networks Summit, Black Diamond, and Alpine switches.
• Network Control. The EPICenter software provides configuration and monitoring of Extreme
Networks' switches and selected third-party devices anywhere on the network simultaneously.
• Intelligent Management. Extreme SmartTraps™ (patent pending) automatically gather switch
configuration changes and forward them to the EPICenter server, thereby minimizing network
management traffic. EPICenter separates its “heartbeat” polling, used to asses a device’s connectivity,
from its less frequent and more data-intensive status polling.
• Hierarchical Displays. Most information, including that found in EPICenter topology maps, VLAN
management, configuration management, and real-time statistics, is dynamically presented in an
easy-to-navigate hierarchical tree.
• Multi-platform capability. The EPICenter server supports Sun SPARC/Solaris and Intel, Windows
2000, and Windows XP. Client applications on either of these platforms can connect to servers on
either platform.
• Support for multiple users with security. Users must log in to the application, and can be granted
different levels of access to the application features.
• Web-based or installed clients. The EPICenter software gives you a choice of installing client
software, or connecting to the EPICenter server through a web-browser-based client, available on
Windows client machines.
• Manage large numbers of devices. The EPICenter server can manage up to 2000 devices with a
single installation of the EPICenter software. For even larger networks you can split the management
task among several EPICenter servers in a distributed server mode that lets you monitor the status
of those servers from a single client.
Extreme Networks switches and many other MIB-2 compatible devices can be monitored and controlled
from a central interface, without exiting EPICenter to run a separate program or telnet session. Features
such as SmartTraps and the EPICenter alarm system further maximize network monitoring capability
while maintaining network usage efficiency.
You can organize your network resources into non-exclusive groups (including groups made up of
selected ports from multiple switches) that you can manage as a single entity. Device groupings can be
based on a variety of factors. For example, physical location, logical grouping, devices that support
SSH2, and so on. Using device groups, you can search for individual IP addresses and identify their
connections into the network. You can monitor the status of your network devices either visually,
through the ExtremeView applet, or by setting alarms that will notify you about conditions or events on
your network devices. You can get a high-level overview of the status of your network devices
displayed as a hierarchical topology map.
These features and more are described in more detail in the following sections, and in the remaining
chapters of this manual.
22
EPICenter Software Installation and User Guide
Summary of Features
Simple Inventory Management
EPICenter’s Inventory Manager applet keeps a database of all the devices managed by the EPICenter
software. Any EPICenter user can view status information about the switches currently known to the
EPICenter database.
The EPICenter Inventory Management applet provides an automatic discovery function. Users with the
appropriate access can use this feature to discover Extreme and other MIB-2 devices by specific IP
address or within a range of IP addresses.
Network devices can also be added to the EPICenter database manually, using the Inventory Manager
Add function. Once a network device is known to the EPICenter database, you can assign it to a specific
device group, and configure it using the VLAN Manager, the Configuration Manager, or the
ExtremeView tool.
EPICenter also provides a command-line utility that lets you create device groups and import large
numbers of devices into the inventory database through scripts, to streamline the process of adding and
organizing devices for management purposes.
The Alarm System
The EPICenter Alarm System provides fault detection and alarm handling for the network devices
monitored by the EPICenter software. This includes Extreme devices and some third-party
devices—those that the EPICenter software can include in its Inventory database. The Alarm System
also lets you define your own alarms that will report errors under conditions you specify, such as
repeated occurrences or exceeding threshold values. You can specify the actions that should be taken
when an alarm occurs, and you can enable and disable individual alarms.
Fault detection is based on SNMP traps, RMON traps, Syslog messages, and some limited polling. The
Alarm System supports SNMP MIB-2 and the Extreme Networks private MIB. You can also configure
alarms based on certain event thresholds, or on the content of Syslog messages. When an alarm occurs
you can specify actions such as sending e-mail, forwarding a trap, running a program, running a script,
or sounding an audible alert.
The Configuration Manager
The EPICenter Configuration Manager applet provides a mechanism and a graphical interface for
uploading and downloading configuration files to and from managed devices. It can also download
ExtremeWare software images and BootROM images to Extreme Networks devices, or to Extreme
modules that include software.
The Configuration Manager provides a framework for storing the configuration files, to allow tracking
of multiple versions. Configuration file uploads can be performed on demand, or can be scheduled to
occur at regular times—once a day, once a week, or at whatever interval is appropriate.
The Grouping Manager
One of the powerful features of the EPICenter software is its ability to take actions on multiple devices
or resources with a single user action. The Grouping Manager facilitates this by letting you organize
various resources into hierarchical groups, which can then be referenced in other applets. You can then
take actions on a group, rather than having to specify the individual devices or ports that you want to
affect.
EPICenter Software Installation and User Guide
23
EPICenter and Policy Manager Overview
You can also create or import named resources such as users and workstations, which can be mapped
through the Grouping Manager to IP addresses and ports. This capability is especially important in
relationship to the optional Policy Manager applet, which takes advantage of these types of resources to
simplify the creation of QoS and Access List policies.
The IP/MAC Address Finder
The IP/MAC Address Finder applet lets you search for specific network addresses (MAC or IP
addresses) and identify the Extreme Networks switch and port on which the address resides. You can
also use the IP/MAC Finder applet to find all addresses on a specific port or set of ports. You can
export the results of your search to a file, either on the server or on your local (client) system.
Interactive Telnet Applet
The ExtremeView Telnet feature includes a macro capability that lets you create and execute scripts of
CLI commands repeatedly on multiple devices in one operation. You can save your macros for reuse at
other times. Results of the most recent macro run on each device are saved into log files, and can be
viewed from within the Telnet applet.
You can also use the interactive Telnet capability to view and modify configuration information for
some Cisco and 3COM devices as well as for Extreme Networks devices.
ExtremeView Configuration and Status Monitoring
With the ExtremeView applet, any Extreme Networks switch can be monitored through a front panel
image that provides a visual device representation, and can be configured without leaving the
EPICenter client to invoke another program or Telnet session.
The ExtremeView applet displays detailed information about the status of Extreme switches in a
number of categories. Any EPICenter user can view status information about the network devices
known to the EPICenter database. Users with the appropriate access permissions can also view and
modify configuration information for those switches through the ExtremeWare Vista graphical user
interface, accessed through the ExtremeView applet.
Real-Time Statistics
The Real-Time Statistics feature of the EPICenter software provides a graphical presentation of
utilization and error statistics for Extreme switches in real time. The data is taken from Management
Information Base (MIB) objects in the etherHistory table of the Remote Monitoring (RMON) MIB. You
can choose from a variety of styles of charts and graphs as well as a tabular display.
You can view data for multiple ports on a device, device slot, or within a port group, optionally limiting
the display to the “top N” ports (where N is a number you can configure). You can also view historical
statistics for an individual port. If you choose to view a single port, the display shows the value of the
selected variable(s) over time, and can show utilization history, total errors history, or a breakdown of
individual errors.
In addition, the Real-Time Statistics applet lets you “snapshot” a graph or table as a separate browser
page. You can then save, print, or e-mail the page.
24
EPICenter Software Installation and User Guide
Summary of Features
Topology Views
The EPICenter software’s Topology applet allows you to view your network (EPICenter-managed
devices and the links between Extreme Networks devices) as a set of maps. These maps can be
organized as a tree of submaps that allow you to represent your network as a hierarchical system of
campuses, buildings, floors, closets, or whatever logical groupings you want.
The Topology applet can automatically add device nodes to your map as devices are added to
EPICenter software’s device inventory. The EPICenter software automatically detects and adds links
that exist between Extreme Networks devices, and organizes the device nodes into submaps as
appropriate. The links between devices provide information about the configuration and status of the
links.
You can customize the resulting maps by creating submaps, moving map elements within or between
submaps, adding new elements, such as links, “decorative” (non-managed) nodes, and text, and
customizing the look and labeling of the discovered nodes themselves. In addition, options are available
to organize and optimize the map layout to display very large numbers of devices with the minimum of
device and link overlap.
The Topology applet also provides information about the VLANs configured on devices in a topology
view. Using the Display VLANs feature, you can visually see which links and devices are configured for
a selected VLAN, or select a specific device or link to see what VLANs are configured on that device.
You can also configure a VLAN in a topology by adding ports or trunk links.
Finally, from a managed device node on the map, you can invoke other EPICenter functions such as the
alarm browser, telnet, real-time statistics, a front panel view, the VLAN Manager, or ExtremeWare Vista
for the selected device.
Enterprise-wide VLAN Management
A virtual LAN (VLAN) is a group of location- and topology-independent devices that communicate as
if they were on the same physical local area network (LAN).
The EPICenter VLAN Manager is an enterprise-wide application that manages many aspects of VLANs
on Extreme Network’s Summit, BlackDiamond, and Alpine switches. Any EPICenter user can view
status information about the VLANs known to EPICenter across the network. Users with the
appropriate access can create and delete VLANs, add and remove ports from existing VLANs, and
create and modify the protocol filters used to filter VLAN traffic. When creating or modifying a VLAN,
you can get EPICenter to determine whether there is connectivity between the devices you have
included in the VLAN, and if not, it can recommend what ports and devices you should add to achieve
connectivity.
The ESRP Manager
The Extreme Standby Router Protocol (ESRP) is a feature of ExtremeWare that allows multiple switches
to provide redundant layer 3 routing services, as well as layer 2 redundancy, to users. The ESRP
Manager displays the status of ESRP-enabled VLANs and the ESRP-enabled switches in those VLANs.
You can view a summary status for all the ESRP-enabled VLANs being monitored by the EPICenter
software. You can also view detailed information for an individual ESRP-enabled VLAN and the
switches in those VLANs.
EPICenter Software Installation and User Guide
25
EPICenter and Policy Manager Overview
The STP Monitor
The EPICenter Spanning Tree Protocol (STP) Monitor module displays information about STP domains
network-wide at the domain, VLAN, device, and port levels. The STP Monitor can monitor STP
domains configured on devices running ExtremeWare 6.2.2 or later. Earlier versions of ExtremeWare
supported the Spanning Tree protocol. STP information via SNMP is available starting with
ExtremeWare version 6.2.2.
Dynamic Reports
EPICenter Reports are HTML pages that can be accessed separately from the main EPICenter user
interface, without logging in to the Java user interface. The Reports module can also be accessed from
the EPICenter Navigation toolbar. A Summary Report is also displayed on the main EPICenter “home”
page that provides basic information on the status of EPICenter devices and alarms. From this report
you can access other more detailed reports.
The EPICenter reports are HTML pages that do not require Java capability, and thus can be accessed
from browsers that do not have the ability to run the full EPICenter user interface. This means reports
can be loaded quickly, even over a dial-up connection, and it also provides the ability to print the
reports.
The Reports capability provides a number of predefined HTML reports that present information from
the EPICenter database. You can also create your own reports by writing Tcl scripts.
Distributed Server Mode
To manage very large numbers of network devices, or devices that are geographically distributed, the
management task can be divided up between multiple EPICenter servers. Each server in the server
group is updated at regular intervals with network summary and status information from the other
servers in the group. From the EPICenter home page, a client attached to any one of the servers in the
server group can view summary status information from the other servers in the group in addition to
the standard Network Summary report. The EPICenter client also lets the user easily navigate between
the different servers in the group to see detailed management information about the devices managed
by those servers.
Security Management
In order to access EPICenter features, a user must log in with a user name and a password.
EPICenter provides three access levels:
• Monitor—users who can view status information only.
• Manager—users who can modify device parameters as well as view status information.
• Administrator—users who can create, modify and delete EPICenter user accounts as well as perform
all the functions of a user with Manager access.
The EPICenter Admin applet enables configuration of EPICenter as a Remote Authentication Dial In
User Service (RADIUS) server. As an alternative, it can be configured as a RADIUS client, or RADIUS
authentication functionality can be disabled.
When EPICenter acts as a RADIUS server, it can be contacted by RADIUS clients (such as Extreme
Networks switches) to configure access permissions for Extreme switches, and to authenticate user
names and passwords. The use of the RADIUS server avoids the need to maintain user names,
26
EPICenter Software Installation and User Guide
EPICenter Components
passwords, and access permissions in each switch, and instead centralizes the configuration in one
location in EPICenter.
EPICenter Stand-alone Utilities
The EPICenter software provides several stand-alone utilities or scripts that streamline the process of
getting information into and out of the EPICenter database, or facilitate certain device troubleshooting
functions. These are the following:
• The DevCLI utility lets you add devices to and remove devices from the EPICenter inventory
database via command, and supports batch additions and deletions specified via a file.
• A set of Inventory Export scripts that enable you to export information from the EPICenter database
about the devices that are being managed. The information is provided in a format suitable for
import into other applications, such as a spreadsheet.
• The SNMPCLI utility provides SNMP Get, GetNext, and SNMP walk features that may be needed to
obtain device MIB information for troubleshooting.
• A set of utilities that provide a command line interface to several EPICenter software functions.
These include the AlarmMgr utility, FindAddr utility, TransferMgr utility, and VlanMgr utility. These
utilities enable you to perform certain EPICenter functions from the command line (or through a
script) rather than through the EPICenter graphical user interface. Results from the Alarm Manager
utility and the Find Address utility can be output to a file.
EPICenter Components
The EPICenter software is made up of three major functional components:
• The EPICenter Server, which is based on the Tomcat Java server. The server is responsible for
downloading applets, running servlets, managing security, and communicating with the database.
• A Relational Database Management System (RDBMS), Sybase Adaptive Server Anywhere, which is
used as both a persistent data store and a data cache.
• EPICenter client applications. This can be an installed client application that runs on a
Windows 2000/XP or Solaris system. For Windows systems only, the client can also be a set of Java
applets downloaded from the server to the client on demand into a Java-enabled browser running
the Java plug-in ( Java 1.3.1_03 ).
EPICenter Software Installation and User Guide
27
EPICenter and Policy Manager Overview
Figure 1 illustrates the architecture of the EPICenter software.
Figure 1: EPICenter software architecture
Windows client system
Windows or Solaris client system
Browser with Java plug-in
Installed client
EPICenter applets
Browser
EPICenter applets
HTML reports
TCP sockets
Server system
EPICenter server
Application objects
Relational
database
SNMP
Extreme
device
Telnet
Extreme
device
Third-party
device
XM_021
Extreme Networks Switch Management
The EPICenter software uses SNMP to monitor and manage the devices in the network. To avoid the
overhead of frequent device polling, the EPICenter software also uses a mechanism called SmartTraps to
identify changes in Extreme Networks device configuration.
When an Extreme Networks switch is added to the EPICenter database, the EPICenter software creates
a set of SmartTraps rules that define what events (status and configuration changes) the EPICenter
server needs to know about. These rules are downloaded into the Extreme Networks switch, and the
EPICenter server is automatically registered as a trap receiver. Subsequently, whenever a status or
configuration change takes place, the ExtremeWare software in the switch uses the SmartTraps rules to
determine if the EPICenter server should be notified. These changes can be changes in device status,
such as fan failure or overheating, or configuration changes made on the switch through the
ExtremeWare CLI or ExtremeWare Vista.
The EPICenter server does a “heartbeat” check, by default every five minutes, of all the devices it is
managing to determine if the devices are still accessible. It also does a full poll of each device at longer
intervals. This interval for this less frequent status polling can be adjusted on each individual device.
The EPICenter software also gives you the ability to gather device status at any time using the Sync
feature in the Inventory Manager applet.
28
EPICenter Software Installation and User Guide
Extreme Networks Device Support
Extreme Networks Device Support
Extreme Networks devices running the ExtremeWare software version 2.0 or later, are supported by
most features in the EPICenter system, including the VLAN Manager and the graphical display features
of the ExtremeView applet. Some features, such as ESRP, or the Policy Manager, require more recent
versions of the ExtremeWare software.
NOTE
See the EPICenter Release Note and Quick Start Guide or the Extreme Networks web site for the most
current information on device support in the EPICenter software.
Third-Party Device Support
Any device running a MIB-2 compatible SNMP agent can be discovered by the EPICenter Inventory
manager, and saved in the Inventory database. All devices in the database can also appear on a
topology map. The EPICenter alarm system can handle SNMP traps from any device in the inventory
database, including RMON traps from devices with RMON enabled. The Real-Time Statistics module
can display statistics for any device with RMON enabled, the IP/MAC Finder applet supports all
devices running MIB-2 and the Bridge MIB, with the exception of user mapping, which is specific to
Extreme devices.
Third-party devices that support SNMP version 3 (SNMPv3) are discovered as SNMP version 1
(SNMPv1) and are added to the EPICenter database as SNMPv1 devices.
In the Telnet applet, you can use the Telnet feature with any device that supports a Telnet interface. In
the ExtremeView applet, all Extreme devices and selected third-party devices (including certain Cisco
and 3COM devices) can display a device-specific front panel view in the Summary view. In addition,
vendor-specific generic images are available for additional devices, such as Sun and Nortel, and a
standard generic image can be displayed for all other “unknown” devices. New device images and
configuration description files may be added over time—check the Extreme Networks web site for
information on new device support.
Overview of the Policy Manager
Policy-based management is used to protect and guarantee delivery of mission-critical traffic. A
network policy is a set of high-level rules for controlling the priority of, and amount of bandwidth
available to, various types of network traffic. Using EPICenter, policies can be defined in terms of
individual users and desktop systems, not just by IP or MAC addresses, ports, or VLANs.
The EPICenter Policy Manager lets you work with high-level policy components (users, desktop
systems, groups of users or systems, applications, and groups of devices and ports) in defining policies.
The policy system translates those policy components into the specific information needed for QoS
configuration of network devices. It also detects overlaps and conflicts in policies, with precedence rules
for resolving conflicting QoS rules.
EPICenter Software Installation and User Guide
29
EPICenter and Policy Manager Overview
NOTE
The EPICenter policy system is based on the policy-based QoS capabilities in the ExtremeWare
software. For details on the capabilities and implementation of QoS in Extreme Networks switches, see
the ExtremeWare Software User Guide or the ExtremeWare Release Note for the version(s) of the
software running on your switches.
The EPICenter Policy Manager is a separately-licensed component of the EPICenter product family.
When a Policy Manager license is installed on the EPICenter server, the Policy icon appears in the
Navigation Toolbar at the left of your browser window.
If no icon is present, it indicates that no current license can be found for the Policy Manager module.
See the EPICenter Software Installation and User Guide or the EPICenter Release Note and Quick Start Guide
for information on obtaining and installing a license.
The EPICenter Policy Manager is organized into two functional areas.
• The Policies View, where you can create, view, and modify EPICenter policy definitions for Extreme
Networks devices. The organizing principle within the Policies view is the policy definition.
• The ACL Viewer, where you can view the access list and QoS rules generated by the Policy Manager
for the devices in your network. You cannot modify EPICenter policy definitions from within this
view. However, you can modify QoS configuration settings for Cisco devices. The organizing
principle within the ACL Viewer is the network device.
From either the Policies View or ACL Viewer, you can modify the QoS profiles, change policy
precedence, and configure the currently-enabled policies on one or more devices.
The Policy Manager is closely tied to the EPICenter Grouping applet, which is used to define the
network resources that can be used as traffic endpoints or to specify the policy scope in a policy
definition. Resources must be set up through the Grouping Manager or Inventory Manager before you
can use them in a policy definition. You should be thoroughly familiar with the Grouping applet before
you begin to define policies using the Policy Manager.
Basic EPICenter Policy Definition
A QoS policy in the EPICenter Policy Manager is composed of the following components:
• A Name and Description that you supply when you create the policy. The Description is optional.
• The Policy Type, which translates to the implementation type (Access-based Security QoS, IP QoS,
Source Port QoS, or VLAN QoS). The implementation type determines the type of traffic grouping
the switch will look for in implementing the policy. This in turn determines what type of endpoints
are allowed in your traffic definition, and how some of the other elements, such as traffic direction,
are handled.
• A definition of the Access List (for Security policies) or Policy Traffic (for IP policies) to be affected
by the policy. You define the policy traffic by specifying the endpoints the switch should use to
identify the traffic of interest. The EPICenter Policy Manager lets you define the endpoints using a
high-level set of resources described below (see “Policy Named Components” on page 38 for more
details).
• The Access Domain or Scope of the policy—the set of network devices on which to apply the policy.
30
EPICenter Software Installation and User Guide
Policy Types
• The EPICenter Policy Manager converts the high-level policy definition you create into a set of
low-level ACL and QoS rules that it will configure on the devices within the scope or domain of the
policy. To do this, the Policy Manager takes the following steps:
a Converts the endpoint components and the specified traffic direction into traffic patterns.
b Uses the policy domain or scope to determine the device(s) and ports on which the QoS rules
should be implemented.
c
Determines the QoS profiles to associate with the traffic flows for each device in the scope.
d Resolves any QoS rule conflicts using precedence relationships.
e Configures the QoS rules on the network switches either automatically (if Auto Configuration is
enabled) or when you initiate the configuration using one of the directed configuration
operations.
Policy Types
The EPICenter Policy Manager supports four types of policies: Access-based Security QoS policies, IP
QoS (Access List) policies, Source Physical Port QoS policies, and VLAN QoS policies. These policies
assign QoS profiles to traffic flows that are identified based on dynamically determined destination
port, IP-based endpoint addressing information, physical port of origin, or VLAN origin. This release of
the EPICenter Policy Manager does not support policies for traffic based on MAC address destination
information or on explicit class of service (802.1P and DiffServ) information.
ExtremeWare versions 5.0 or later support IP, VLAN and source port types. Only ExtremeWare 7.0
supports Security policies. ExtremeWare versions prior to 5.0 support only VLAN-based QoS. Thus,
although the Policy Manager supports IP, Access-based Security, and Source Port policies, non-i-series
devices will not be able to use those policies unless they are running ExtremeWare version 5.0. The
Policy Manager will not attempt to configure policies on devices that cannot support them.
In the EPICenter Policy Manager, each policy type acts somewhat like a template, allowing you to
specify only components that are valid for the policy type. For example, the Policy Manager expects you
to enter two sets of endpoints for a Security or an IP policy, but only a single set of endpoints for a
VLAN or Source Port policy. In addition, the Policy Manager will only show endpoints of valid types in
the Select Policy Traffic list in the Edit Policy, Network Resource, Server, Clients or Users Endpoints
windows.
Access-based Security Policies
Access-based Security Policies represent a new policy type similar to IP policies. They are dynamic
policies which are designed and typically implemented at the edge of the network to enforce user based
security on an IP basis whenever and wherever the user connects. The principal difference is that the
ACL rules associated with the policy are dynamically applied to and removed from the network in
response to network login and 802.1x login and logout events. The IP addresses are static in nature and
determined by the network resources. The device port the user logs on dynamically determines the user
IP addresses. In addition, unlike IP policies, security policies are applied only on the device through
which the user logged on. These policies operate in concert with the currently defined static policies
and other access-based security policies and share the same precedence properties.
You use Access-based Security policies for a number of important reasons. One primary function of
these policies is to protect core network resources by controlling and enforcing security for user access
at the point of entry to the network (e.g. edge network devices). Additionally, these policies allow you
to augment the basic yes/no security provided by Netlogin with a finer grain control of access levels.
EPICenter Software Installation and User Guide
31
EPICenter and Policy Manager Overview
Users can be granted or denied access to certain areas of the network and users can be given different
service level guarantees by the use of different QoS profiles.
You also use Access-Based Security policies to grant various levels of service on a per user or user
group level. By using different QP assignments on a per user or user group basis in the access domain
of the security policy, each user receives a specific level of service on the edge device port. Static IP
policies should be defined in conjunction with dynamic user policies to establish a baseline security
access level and QoS level for all users. Typically, these static IP policies would be used to deny access
to sensitive network resources and/or to provide a base level quality of service. These static IP policies
should have lower precedence than the dynamic user based security policies to allow the dynamic user
based security policies to override the static IP policies on a per user basis.
Access-based Security policies are implemented with dynamic ACL allocation/deallocation on a per
edge device port basis by the policy server based on current users on the network. The ACL rules are
only applied to the single edge device port in the access domain on demand upon user network login
(netlogin / 802.1x). This differs from the static IP, VLAN and source port policies which apply the ACL
rules in a persistent manner on devices specified by the policy scope.
In the EPICenter Policy Manager, the endpoints of the traffic flow for Access-based Security policies are
defined as one or more services and users. The EPICenter Policy Manager lets you specify the endpoints
using named resources, such as user names or host names, or groups that include such resources. If you
specify a group resource as an endpoint, only the resources within the group (and its subgroups) that
can be mapped to an IP or subnet address will be used as policy endpoints on the network services
side.
The default traffic direction for Access-based Security policies is user to network resource(s), which
creates ACL rules with the source IP address as the user's IP address and the destination IP address as
the network resource IP addresse. This secures the network as the user is denied or permitted access to
the network resource(s). The bidirectional traffic setting is used when security policies grant access and
additionally provide quality of service. The quality of service for the traffic between the user and the
network resource(s) can be prioritized and guaranteed by the assignment of a specific quality profile on
a per user basis.
You can also further define the network resource-side traffic endpoints by specifying a named
application or service, which translates to a protocol and L4 port, by directly specifying a protocol and
L4 port range, or by using the Custom Applications group to collect a series of protocols and ports
under one application. The EPICenter Policy Manager currently supports TCP and UDP as L4 protocols.
In some cases you can also specify client-side L4 ports. The ICMP protocol is not currently supported.
The Policy Manager determines the traffic flows of interest based on the combination of endpoints and
direction you have specified, and creates a set of IP QoS rules that can be implemented on the
appropriate edge device (the login device).
Figure 2 shows the effects of a uni-directional Access-based Security policy specified between server
Iceberg and users A, B, and C. The policy domain includes only the two rightmost switches. The effect
of this policy is that Access-based Security QoS rules are implemented for one traffic flow through the
upper switch and two through the lower switch, from Users A, B and C to the server called Iceberg. No
rules are implemented on the intervening switches.
Although not shown in this diagram, you can specify multiple servers as well as multiple users.
32
EPICenter Software Installation and User Guide
Policy Types
Figure 2: Access-based QoS policy
An Access-based Security policy specifies traffic flow between two endpoints, one of which is
dynamically determined when the user logs in on the network. The policy is applied only at the entry
point to the system and does not need to be specified on each possible internal device that might be in
the path for that policy. This reduces the policy load on the rest of the system. On the contrary, for an IP
policy, the policy must be specified on each intermediate device in the path between the endpoints.
The EPICenter Policy Manager lets you specify the policy traffic flow in terms of named components.
Therefore, you can specify server “Iceberg” as the server endpoint, and users “A,” “B,” and “C” as user
endpoints. In addition, you can indicate that the traffic from the server should be filtered only to
include traffic generated by the Baan application, which translates to TCP traffic originating from L4
port 512. Ports are not specified for the users.
More details of the traffic flow can be seen in the following sections.
IP-Based Policies (Access List Policies)
An IP-based policy identifies IP traffic flowing between specific source and destination endpoints, and
then assigns that traffic to a QoS profile. For IP QoS, the traffic of interest is identified using any
combination of IP source and destination addresses, layer 4 protocol, and layer 4 (L4) port information.
In the EPICenter Policy Manager, the endpoints of the traffic flow are defined as one or more servers
and clients. The EPICenter Policy Manager lets you specify the endpoints using named resources such
as user names or host names, or groups that include such resources, as long as they can be mapped to
an IP address. If you specify a group resource as an endpoint, only the resources within the group (and
its subgroups) that can be mapped to an IP or subnet address will be used as policy endpoints.
You can also further define the server-side traffic endpoints by specifying a named application or
service, which translates to a protocol and L4 port, or by directly specifying a protocol and L4 port
EPICenter Software Installation and User Guide
33
EPICenter and Policy Manager Overview
range. The EPICenter Policy Manager currently supports TCP and UDP as L4 protocols. In some cases
you can also specify client-side L4 ports. The ICMP protocol is not currently supported.
The Policy Manager determines the traffic flows of interest based on the combination of endpoints and
direction you have specified, and creates a set of IP QoS rules that can be implemented in the
appropriate network devices.
Figure 3 shows the effects of a bi-directional IP policy specified between server Iceberg and clients A, B,
and C. The policy scope includes all three switches. The effect of this policy is that IP QoS rules are
implemented for six traffic flows on each switch: from the server to each of the three clients, and from
each client to the server.
Although not shown in this diagram, you can specify multiple servers as well as multiple clients.
Figure 3: IP QoS policy
Policy scope
Server
Iceberg
Application:
Baan
(TCP, L4 port 512)
Client A
Client B
Client C
XM_016
Unlike the VLAN and source port policy types, Security and IP policies specifies a traffic flow between
two endpoints, and that traffic may travel through multiple network devices between those two
endpoints. Thus, to protect the specified traffic along the entire route, the policy should be implemented
on all the devices between the two endpoints. This is done by including these devices in the policy
scope. On each device along the route, the traffic is identified based on the endpoint definitions (the IP
address, protocols, and L4 ports), and is assigned to the specified QoS profile on that device.
The diagrams shown in Figure 4 illustrate how the traffic flows are generated for the example shown in
Figure 3.
The EPICenter Policy Manager lets you specify the policy traffic flow in terms of named components.
Therefore, you can specify server “Iceberg” as the server endpoint, and clients “A,” “B,” and “C” as
client endpoints. In addition, you can indicate that the traffic from the server should be filtered only to
include traffic generated by the Baan application, which translates to TCP traffic originating from L4
port 512. Ports are not specified for the clients.
Because they were defined through the EPICenter Grouping Manager, the Policy Manager can translate
these high-level server and client names to IP addresses. Based on this information as well as the
specified traffic direction, the Policy Manager generates the set of traffic flows shown in the table at the
bottom of Figure 4. The diagram shows the steps involved in translating from the high-level objects
(host name and service) to IP addresses and L4 ports and protocols, to a set of traffic flows used in
policy rules.
34
EPICenter Software Installation and User Guide
Policy Types
Figure 4: Translation of a client/server policy definition into traffic flows
Server
Client
Iceberg
A
+
Baan
B
+
ANY
Server
Traffic direction:
BOTH
Client
10.2.3.4
10.4.0.1
10.4.0.2
10.4.0.3
*
*
TCP
512
Server
10.2.3.4
C
Client
TCP
512
10.4.0.1
10.4.0.2
10.4.0.3
Destination
IP
Destination
L4 port
Source
IP
10.2.3.4
10.2.3.4
10.2.3.4
10.4.0.1
10.4.0.2
10.4.0.3
TCP 512
TCP 512
TCP 512
10.4.0.1
10.4.0.2
10.4.0.3
10.2.3.4
10.2.3.4
10.2.3.4
*
*
*
*
*
*
*
*
*
Source
L4 port
*
*
*
TCP 512
TCP 512
TCP 512
XM_017
Note that the potential number of traffic flows can get very large if you specify a large number of
endpoints for both servers and clients. For “n” servers and “m” clients, the number of traffic flows
affected by the policy will be m*n. For this reason, the use of subnets rather than large numbers of
individual unicast IP addresses is recommended, when possible, for IP policies that involve multiple
endpoints.
When both subnet and unicast IP addresses are in the endpoint, the Policy Manager determines the
minimum set of IP/subnet addresses that are needed to represent all the addresses in the endpoint
specification. For example, if you specify policy endpoints as 10.2.0.0/16, 10.2.0.1, and 10.2.0.25, the
Policy Manager will use only 10.2.0.0/16
The IP QoS rules generated from EPICenter IP policy definitions are also known as Access List rules,
because they define and control IP-based access between endpoints. A rule implementing IP-based QoS
between server A and client B effectively defines the access allowed between those two endpoints.
Access rules intended to permit access between the endpoints are implemented using one of the QoS
EPICenter Software Installation and User Guide
35
EPICenter and Policy Manager Overview
profiles (QP1 through QP4 or QP8) that allow access, within the bandwidth and priority constraints
defined by the QoS profile. An access rule intended to deny access from one endpoint to another is
implemented in the EPICenter Policy Manager using the “blackhole” QoS profile.
IP-based QoS policies (or Access List policies) are supported on Extreme devices running ExtremeWare
5.0 or later— all i-series devices, and non-i-series devices running ExtremeWare 5.0x. This means that all
devices in the scope for an IP policy must be running ExtremeWare 5.0 or later.
Source Port Policies
A Source Port policy identifies traffic originating from a specific port on an Extreme switch, and assigns
that traffic to a QoS profile. In the policy definition, you specify as endpoints the specific ingress ports
from which the traffic will originate. As shown in Figure 5, a source port policy is always
uni-directional and implements Source Port QoS on the traffic flow from the specified source port.
Figure 5: Source Port policy
Policy scope
Server
IP address
QP2
(802.1p tag)
QP2
XM_018
You can specify multiple source ports in a single policy, and you can specify them by providing
higher-level resources such as a host name, user name, or a group, as long as the resources can be
mapped by the Policy Manager to a port on a switch. If you specify a group, only the resources within
the group (and its subgroups) that map to source ports will be used as policy endpoints.
In the case of source port QoS, the endpoint specification and the scope are theoretically redundant,
because the endpoint specification effectively defines the scope of the policy. However, you must specify
both the endpoint and the policy scope. If there are devices in the policy scope (for example, when the
scope resource is a group) that are not related to the ports specified as endpoints. These will not be
affected by the source port policy definition. For more details, see “Policy Access Domain and Scope”
on page 41.
Unlike IP QoS, a Source Port QoS rule is implemented only on the device where the source port resides.
However, you can enforce QoS throughout the network using 802.1Q tagging—specifically by explicit
packet marking using 802.1p or DiffServ. If the switch ports used for output use 802.1Q tagging, the
QoS profile assignment will be carried via the 802.1p priority bits to the next switch. On i-series chipset
devices, you can also enable DiffServ examination and replacement to observe and carry the QoS setting
with the packet between switches. The use of 802.1p priority bits is enabled when you enable tagging,
which you can do using the EPICenter VLAN Manager applet. DiffServ examination must be enabled
using the ExtremeWare CLI or through ExtremeWare Vista. See the ExtremeWare Software User Guide for
versions 6.0 or later for details on using 802.1p and DiffServ.
Source port QoS policies are supported on Extreme devices running ExtremeWare 5.0 or later— all
i-series devices, and non-i-series devices running ExtremeWare 5.0. This means that the endpoints used
to define Source Port policies must be on devices running ExtremeWare 5.0 or later.
36
EPICenter Software Installation and User Guide
Policy Types
VLAN Policies
A VLAN policy identifies traffic originating from the member ports of one or more VLANs, and assigns
that traffic to a QoS profile. The Policy System implements VLAN QoS for all the traffic flows from the
specified VLANs, on the devices you have defined in your policy scope.
Figure 6 shows the effects of a VLAN Policy that has been specified for VLAN A, and scoped on
switches A and B. The policy specifies that traffic originating from ports that are members of VLAN A
should use QoS profile QP2. Thus, this policy affects traffic originating from the ports associated with
client 1 on switch A, clients 5 and 6 on switch B, and the link between switches A and B. Traffic
originating from client 2 on switch A is not affected, since it originates on a port that is not a member of
VLAN A. In addition, traffic originating from client 4 on switch C is also not affected, even though it is
a member of VLAN A, because switch C was not included in the policy scope.
Figure 6: VLAN policy
Client 3
Client 2
Switch C
VLAN B
QP2
VLAN B
VLAN A
QP2
VLAN A
Switch A VLAN B
QP2
VLAN A
Client 4
VLAN B
(802.1p tag)
(802.1p tag)
QP2
VLAN A
Switch B
Client 1
VLAN A
QP2
VLAN A
QP2
QP2
Policy scope
VLAN A
Client 5
VLAN A
Client 6
XM_019
Like Source Port QoS, VLAN QoS rules are implemented only in the devices included in the policy
scope that have the specified VLAN. To enforce QoS settings across switch/VLAN boundaries you must
use 802.1Q tagging—specifically through explicit packet marking using 802.1p or DiffServ. If the switch
ports used for output use 802.1Q tagging, the QoS profile assignment will be carried via the 802.1p
priority bits to the next switch. On i-series chipset devices, you can also enable DiffServ examination
and replacement to observe and carry the QoS setting with the packet between switches. The use of
802.1p priority bits is enabled when you enable VLAN tagging, which you can do through the
EPICenter VLAN Manager applet. DiffServ examination must be enabled using the ExtremeWare CLI or
through ExtremeWare Vista. See the ExtremeWare Software User Guide for versions 6.0 or later for details
on using 802.1p and DiffServ.
EPICenter Software Installation and User Guide
37
EPICenter and Policy Manager Overview
In the example shown in Figure 6, if the links between switches A and C and switches B and C use
tagging (as shown in the diagram), the QoS profile information specified by the VLAN policy will be
propagated into switch C, for traffic originating on the links between the switches. The tag carries
information on which QoS profile should be associated with the traffic flow; the configuration of the
profile itself is determined by the configuration of each individual switch.
If you want to ensure that VLAN QoS is effective end-to-end, you should make sure your
switch-to-switch links use tagged ports.
Policy Named Components
The EPICenter Policy System lets you work with high-level, named components when defining a QoS
policy. These high-level policy named components are mapped to policy primitive components that are
actually used to create QoS rules that can be implemented in a network device.
Policy named components are components such as groups (which are mapped to their individual
members), users, and named hosts, which can be mapped to IP addresses and ports. These are
represented by the shaded boxes in Figure 7.
Policy primitive components are components such as device ports, IP addresses, VLANs, and QoS profiles,
that are used to define the QoS rules that will be implemented on a device. These are represented by the
white boxes in Figure 7.
Policy named components, and most primitive policy components must be defined before they can be
used in a policy definition. VLAN, device and port policy primitives must exist in the EPICenter
database (that is be known to the Inventory Manager and VLAN Manager) before they can be used in a
policy definition. Users, hosts, and group resources must be created (or imported) in the Grouping
Manager.
IP addresses, subnets addresses, and layer 4 ports can be predefined, or can be entered directly into a
policy definition through the Policy Manager user interface. In the case of Access-based Security
policies, the destination port is dynamically determined.
38
EPICenter Software Installation and User Guide
Policy Named Components
Figure 7: EPICenter Policy Manager components
Device
group
Group
GUI
import
User
Netlogin/DLCS
GUI
import
Netlogin/DLCS
GUI
import
VLAN
Device
port
GUI
import
GUI
import
GUI
Device
as a Host
Host
DNS
GUI
import
IP/subnet
Policy
named
components
System
Application
System
L4 /
L4 range
QoS profile
Policy primitive components
XM_020A
The following components are used within the EPICenter Policy Manager:
• Groups: Group resources (except for Device Groups) are created in the Grouping Manager. A group
can contain devices, ports, custom applications, VLANs, users, hosts, as well as other groups as
members. When you use a group in a policy definition, such as to define a traffic endpoint, the
Policy Manager looks through the group and its subgroups, and uses in the policy definition only
the resources of types that are valid for the policy you are creating.
• Devices (by name): Devices are entered into the EPICenter database through the Inventory Manager
(Discovery or Add Devices), or the DevCLI utility, and are mapped to IP addresses in the EPICenter
database. Devices are assigned to Device Groups in the Inventory Manger. They can also be added
as members to other groups through the Grouping Manager.
• Device Groups: Device Groups are created within the Inventory Manager, and devices are assigned
as members through that same applet. All devices are members of a device group. Device groups
can themselves be added as members of other groups, through the Grouping Manager.
• Hosts (by name): Host are entered into the EPICenter database through the Grouping Manager,
either using the Import capability or through the GUI. A Host to IP address mapping can be
established in several ways. The IP address can be added as a component attribute through the GUI
or as part of the Import function. Alternatively, the mapping can be obtained through a name lookup
service such as DNS. Within the Policy server, IP addresses are mapped to physical ports on an
Extreme switch using DLCS, or through relationships created in the Grouping Manager. Hosts can be
added as members of groups through the Grouping Manager.
• Applications: Applications are named components (such as Baan, FTP, HTTP) that map to a layer 4
protocol and port. A set of applications (with protocol and port mappings) are predefined in the
EPICenter database. You can also import application definitions through the Grouping Manager
Import function. These definitions appear only in the Policy Manager for an IP QoS policy.
• Custom Applications: These are user defined applications and consist of collections of L4 ports. A
custom application can consist of a mixture of UDP and TCP ports in any combination of single
EPICenter Software Installation and User Guide
39
EPICenter and Policy Manager Overview
ports or ranges of ports. Custom Applications are entered into the EPICenter database using the
Grouping Manager.
• Users (by name): These are entered into the EPICenter database through the Grouping Manager,
either using the Import capability or through the GUI. An individual User is typically mapped to a
Host by establishing a relationship within the Grouping Manager. User-Host relationships can be
specified through the Grouping Manager GUI or as part of the Import function. The Host is then in
turn mapped to an IP address and physical ports as described above. Users can be added as
members to groups through the Grouping Manager. For Security policies, user-host relationships are
established during netlogin/802.1x login and removed upon user logout.
• Ports: Ports are entered into the EPICenter database through the Inventory Manager through the
Discovery or Add Devices functions. They can be specified individually as part of a policy traffic
definition, or they can be members of a group. Ports are added to groups through the Grouping
Manager.
• VLANs: VLANs are detected by the Discovery or Add Device functions in the Inventory Manager,
and can also be created and modified using the EPICenter VLAN Manager. They can be specified
individually as part of a VLAN QoS policy traffic definition or they can be members of a group.
VLANs are added to groups through the Grouping Manager.
• IP addresses/Subnets: IP addresses or subnet addresses are used in Security and IP QoS rules to
identify IP traffic flows. IP and subnet addresses can be determined by the Policy Manager from
mappings associated with named components such as users or hosts. They can also be entered
directly as endpoints in an IP policy traffic definition.
• QoS Profiles: QoS profiles provide the definitions of traffic priority, and minimum and maximum
bandwidth that, when combined with a traffic flow specification, define a policy. QoS profiles are
predefined, but they can be reconfigured from within the Policy Manager.
The arrows shown in Figure 7 indicate the mapping relationships between policy named components
and policy primitive components. The higher-level component at the start of the arrow can be mapped
by the Policy Manager to the component at the end of the arrow. Named components may map directly
to a primitive component, or they may map to another named component that in turn maps to a
primitive component. For example, the Policy Manager maps a Host component directly to an IP
address and a port. However, a User component specified as a traffic endpoint is mapped first to a
Host, and then to an IP address and port, which is used to create the policy rules that affect traffic from
that user.
The labels associated with the arrows depicts how the mapping relationship is created:
• GUI indicates that the mapping may be created through the Grouping Manager user interface.
• Netlogin/DLCS indicates that the mapping may be obtained through Netlogin or the Dynamic Link
Context System (DLCS) operating within Extreme Networks devices.
• DNS indicates that the mapping may be obtained via a name lookup service such as DNS.
• IMPORT indicates that the mapping relationship can be specified during the import process in the
EPICenter Grouping Manager.
• SYSTEM indicates that the mapping is predefined, or is set up by the EPICenter server, such as
through the Discovery feature in the Inventory Manager.
40
EPICenter Software Installation and User Guide
Policy Access Domain and Scope
Policy Access Domain and Scope
The policy type and policy traffic definitions specify how to identify a traffic flow of interest. The policy
access domain (Security policy) or scope (IP policy) definition specifies how to handle that traffic flow
on your network devices. The policy access domain or scope definition has three functions: It specifies
the network devices on which the policy should be implemented, what the treatment should be on each
device in the domain or scope.
• You can specify the domain or scope by selecting individual devices, or you can specify groups to
include in the policy domain or scope.
• You specify the QoS profile that will be associated with the policy traffic for each resource in the
domain or scope. If you specify a device individually, then you can also specify a QoS profile for that
individual device. However, if you specify a group as a resource, then the QoS profile you select will
apply to the policy traffic on all the devices in the group. If a device is specified more than once in
the domain or scope (for example, because it is a member of two different groups that are both
included in the domain), you can specify which QoS setting will take precedence.
• You specify the times of validity using the scheduler tool associated with each policy. You can select
which days the policy will be active and you can specify start times and durations for each policy.
The following example illustrates some of the issues related to setting the scope for an IP policy. Since
the domain for Security policies is limited to the edge device to which the user is connected, many of
these issues are not relevant for Security policies.
Assume that you want to define an IP policy (Access List rule) applying to all TCP traffic (in both
directions) between Host1 and Host2. This defines two traffic flows for the policy:
• From any L4 port on Host1 to any L4 port on Host2
• From any L4 port on Host2 to any L4 port on Host1
Initially, you decide to define the scope as follows:
• Include all the devices on your network (switches A, B, and C) in the scope
• Set QP1 as the profile to be used on all three devices
This means that any time any of these switches detects TCP traffic with Host1 as the source and Host2
as the destination (or vice-versa), it will assign that traffic to profile QP1.
However, in your network it happens that traffic between Host1 and Host2 would never travel through
switch C, so implementing this policy on that switch is not necessary. Further, on switch B, profile QP1
is being used for some very high-priority, application-server traffic, so you want to give your TCP traffic
somewhat lower priority on that switch. You can accomplish this by changing the policy scope as
follows:
• Include only switches A and B in your policy scope. This will leave switch C unaffected by this
policy.
• Specify profile QP1 for switch A, but a different profile (for example, QP3) for switch B. On switch B,
you configure profile QP3 to have the appropriate parameters to accomplish the desired traffic
prioritization.
Alternatively, it might happen that the high priority traffic on switch B is not using QP1, so you can use
QP1 on both switches for the Host1-Host2 traffic. However, you may need to set the parameters for QP1
on switch B differently from the parameters of QP1 on switch A, to accomplish the desired traffic
priorities on switch B.
EPICenter Software Installation and User Guide
41
EPICenter and Policy Manager Overview
It is very important to understand the relationship of the target traffic flow, the QoS profile, and the
profile configuration in each switch. The policy rules generated by the EPICenter Policy Manager
associate a QoS profile with a particular traffic flow, but the configuration of that profile (its bandwidth
and priority parameters) are defined in each individual switch. Therefore, you may create a policy that
always associates profile QP1 with the traffic between Host1 and Host2, but the actual treatment of that
traffic, in terms of the minimum and maximum bandwidth and traffic priority, may be different in each
switch because profile QP1 is configured differently in each switch.
Using Groups in Policy Definitions
In many cases, you may want to define multiple policies that should apply to the same set of endpoints,
or that should have the same set of devices as the policy domain or scope. The ability to create groups
of users, hosts, devices, ports, custom applications, and VLANs can make the definition of these policies
easier.
For example, you may want to define several Access List policies to prioritize traffic between several
different application servers and a specific set of users. To accomplish this easily, you could create a
group that contains those users, and then use the group as the user or client endpoint in the traffic
definition for each of the policies you create. Further, you may want to include the same set of network
devices in the scope for these policies. Again, you can create a group for these devices, and use that
group to define the scope for each of the policies.
You can use the Grouping Manager to define a group of users:
• Use the EPICenter Grouping Manager to define the user resources, either by entering them
individually through the GUI or by importing them.
• Ensure that a mapping relationship exists from each user to an IP address. This is necessary so that
the Policy Manager can use them to create identifiable traffic flows. User-host-IP address
relationships are often created as part of the import process. If Netlogin/DLCS is running on your
Extreme network devices, it may do this mapping for you. You can also create these relationships
directly through the Grouping Manager GUI. In the case of Access-based access-based Security
policies, the user IP is dynamically determined when the user logs into the system
• When you have your user resources set up and mapped to IP addresses, you can create a group and
add your users as members of the group.
To create a group for the devices you want to use for the policy scope, you have two options:
• You can create a Device Group in the Inventory Manager, and assign the devices to this group.
• You can add devices as members of a non-exclusive resource group through the Grouping Manager.
The same device can be a member of multiple groups of this type, so future grouping requirements
do not need to impact the group you set up for your policy scope purpose.
Regardless of how you set up your group, you can then use this group to specify the scope for the
policies you create.
There is one consideration in using a group of devices in a policy scope, which is that the same QoS
profile applies to the entire group. For example, if you specify a group in the policy scope, and assign
profile QP3 to that group, all devices included in the group will then use QP3 for that policy. The
configuration of QP3 may be different on each device, but the policy will always apply QP3, however it
is defined, to the traffic flow defined by the policy. (The Policy Manager does allow you to inspect the
QoS profiles and their association with policies on devices or device ports, and you can adjust the
settings if needed).
42
EPICenter Software Installation and User Guide
Policy Configuration
The Grouping Manager allows groups to contain members of different resource types, including other
groups. However, when you are setting up groups for use with the Policy Manager, it is recommended
that you create relatively simple groups that contain only the resources that you intend to use for a
single purpose.
For example, when you use a group to define a traffic flow, you are specifying that all members of that
group (that can be mapped to an IP address) are endpoints of the specified traffic flow. If you define a
large group that is used for a variety of purposes, especially one with subgroups as members, you need
to ensure that it does not contain members that will result in policy traffic flows other than the ones you
intended to specify.
Furthermore, if the membership of the group changes after you have implemented your policies, the
endpoints for the traffic flow will change. If you have policy auto-configuration enabled, new policy
rules will automatically be computed and configured on your network, based on the new traffic flow
definition.
Precedence Relationships within the Policy Manager
The EPICenter Policy Manager has several types of precedence relationships:
• Precedence between resources within the scope of a policy
• Precedence between EPICenter policies
• Precedence between the QoS rules implemented on an Extreme Networks device
Each of these has a somewhat different use and effect.
Precedence between the resources in a policy scope is used to determine which QoS profile specification
should be used when a particular device is specified multiple times within a scope definition.
Policy precedence (precedence between policies) is used to determine which policy should be used when
multiple policies could apply to the same traffic flow. If this occurs, the policy with higher priority is
used by the switch over policies of lower priority. Policy precedence only controls the relationships
between policies of the same type. Policies of different types have a predefined precedence relationship:
IP QoS policies are the highest priority, Source Port QoS policies are second, and VLAN QoS policies
have the lowest priority.
For IP policies, policy precedence is implemented by assigning precedence numbers to IP access-lists
that are configured to the devices. These precedence numbers may be different on different devices
depending on how many policies are active on a given device. The actual IP access-list precedence
number is not as important because it is the relative ordering between the precedence numbers from the
access-list that matters.
Policy Configuration
The EPICenter Policy Manager supports automatic configuration of QoS policies. If Auto Configuration
is enabled, every change you make on a device or within the EPICenter software has the potential to
trigger an immediate recomputation and reconfiguration of the QoS policies on your network. An
automatic reconfiguration can be triggered by any of the following events:
• Changes to group memberships made through the Grouping Manager or Inventory Manager that
affect a group used to define a policy endpoint or policy scope
EPICenter Software Installation and User Guide
43
EPICenter and Policy Manager Overview
• Changes made through the ExtremeWare CLI or ExtremeWare Vista on a device managed by the
EPICenter server
• A user login or end station reboot when DLCS is enabled
• Saving a change to a policy within the Policy Manager
If Auto Configuration is disabled, you must explicitly perform the configuration process using one of
the directed configuration functions initiated using the Configure or Configure All buttons on the
Policy Manager toolbar.
The EPICenter policy server also supports policy enabling and disabling, and policy configuration
through an external access protocol and API. External applications can use Tcl functions to enable and
disable policies, and to configure policies on specified devices. The external access protocol and Client
Tcl API are documented in Appendix C of this manual.
Cisco Device Support
EPICenter software supports Cisco devices running Cisco IOS version 11.2. Later software versions may
work but have not been tested. EPICenter 3.1 has been tested with the following models running Cisco
IOS 11.2:
• Cisco 2500
• Cisco 3600
• Cisco 2610
• Cisco 2621
Other models may also work, but have not been tested. See the EPICenter Release Note and Quick Start
Guide that accompanies your software for the most current list of supported models.
EPICenter software uses a custom queue list for bandwidth control and a priority queue list for priority
control. The custom or priority queue list are bound to each interface independently, so you can specify
the queueing strategy individually for any given interface. You also specify the set of access lists, the
custom queue list and the priority queue list for the EPICenter software to use.
Cisco Port Mappings
When EPICenter software pushes a policy to a Cisco device, the device automatically maps well-known
TCP and UDP port numbers to names (for example, TCP port 80 to the name “HTTP”). When
EPICenter software reads the rules from a Cisco device, it must re-map the name back to a port number.
EPICenter software uses a properties file to associate the well-known port names and port numbers.
The ciscoipports.properties file is found in the extreme directory under the top-level installation
directory (<epicenter-install-dir>/extreme/ciscoipports.properties). If you encounter
port-to-name mappings that are not included in this file, you can edit the file with a standard text
editor.
Limitations on Cisco Device Support
Certain policies cannot be fully implemented on Cisco devices to make them function exactly like
Extreme devices.
44
EPICenter Software Installation and User Guide
EPICenter Policy Limitations
Maximum bandwidth parameter in a QoS profile
The maximum bandwidth parameter is not used when EPICenter software pushes policies to Cisco
devices.
EPICenter Policy Limitations
The EPICenter Policy Manager does not support the entire set of policy-based QoS features found in the
most current versions of the ExtremeWare software. In addition, not all versions of the ExtremeWare
software support all the features available through the Policy Manager.
Appendix H presents information about how the policy features available in the various versions of the
ExtremeWare software are supported by the EPICenter Policy Manager. Appendix H also present a list
of issues related to the Policy Manager’s support of policy on Cisco devices.
EPICenter Software Installation and User Guide
45
EPICenter and Policy Manager Overview
46
EPICenter Software Installation and User Guide
2
Installing the EPICenter Software
This chapter describes:
• Hardware and software requirements for the EPICenter server and client
• Procedure for obtaining an evaluation or permanent license key for the software
• Installing the EPICenter server software under Windows 2000 or Windows XP
• Installing the EPICenter client software under Windows 2000 or Windows XP
• Setting up Internet Explorer for use with the EPICenter client on a Windows system
• Installing the EPICenter server software under the Solaris Operating Environment
• Installing the EPICenter client software under the Solaris Operating Environment
Installation Overview
The EPICenter software includes a set of Java applications, a Web Server, database software, and a client
application. The installation process installs all of these components on a Windows 2000 or Windows XP
system, or under Solaris 7 or Solaris 8.
The EPICenter software offers two different clients. One is an installed client that runs as a stand-alone
application on the client workstation. The other client runs within a web browser (Microsoft Internet
Explorer under Windows) with the Java Plug-in version 1.3.1 or later. The browser-based client does not
require installation, you just point your browser to the EPICenter server. The installed client is installed
along with the EPICenter server, and can be installed separately on a client workstation.
NOTE
See the EPICenter Release Note and Quick Start Guide for the most current information on installation
requirements.
The EPICenter server installation process installs two components:
• The EPICenter Database Engine
• The EPICenter Web Server
Under Windows 2000/XP you can run these as services, or just as an application. Running them as
services is recommended.
EPICenter Software Installation and User Guide
47
Installing the EPICenter Software
Server Requirements
The EPICenter server can run under Microsoft Windows 2000, Windows XP, or Sun Microsystems
Solaris Operating Environment, SPARC Platform Edition.
Windows 2000 or Windows XP
For installation under Windows 2000 or Windows XP, the requirements are:
• Microsoft Windows 2000 or Windows XP running on an Intel platform.
• 192 MB RAM (256 MB recommended, especially if you plan to run an EPICenter client on the same
system).
• Disk space depends on the file system used on the disk as well as the number of items (devices,
ports, alarms etc.) that the system must handle:
— 130 MB of disk space for the server installation.
— Up to 150-200 MB for runtime usage (log files, database, user-defined scripts, reports, and so on).
— If the disk is using the FAT file system, the EPICenter server could use 20% of the disk (i.e 300MB
on a 1 GB disk, 600 MB on a 2GB disk and so on). Installing on a FAT file system is not
recommended.
You can tell the type of file system by looking at the disk properties. Right-click on the drive
letter in the Windows Explorer or My Computer windows.
• 400 Mhz Pentium-compatible processor.
• CDROM drive (for installation).
• A network connection.
Solaris
For installation under Solaris, the requirements are:
• Solaris 7 or Solaris 8 with required patches already installed.
• 128 MB RAM (256 MB recommended, especially if you plan to run an EPICenter client on the same
system).
• As much as 300 MB disk space:
— 130 MB of disk space for the server installation
— Up to 150-200 MB for runtime usage (log files, database, user-defined scripts, reports and so on)
• CDROM drive (for installation)
• A network connection
The Solaris 7 or Solaris 8 operating environment may require patches for EPICenter to function
properly. Make certain these patches have been installed before you install the EPICenter server
software. See “Required Patches” on page 56 for more information on obtaining any needed patches.
For the most current information on required patches, see the EPICenter Release Note and Quick Start
Guide that accompanies your EPICenter software, or check the Extreme Networks web site at
www.extremenetworks.com.
48
EPICenter Software Installation and User Guide
Client Requirements
Client Requirements
The EPICenter software provides two options for connecting to an EPICenter server from a client
system: a stand-alone client application, or a browser-based client you can run from a web browser such
as Microsoft Internet Explorer.
On Solaris-based systems, only the stand-alone client is supported.
NOTE
The browser-based client is supported on Windows-based systems only.
The EPICenter client requires a monitor that supports 1024 x 768 resolution, and at least 16-bit color.
Your system Display Settings must be set for 65536 colors.
The client can also use large amounts of memory. 128 MB of RAM is recommended for best
performance (256 MB is recommended if you plan to run the client on the same system as the EPICenter
server).
The browser-based client is a Java-based application that runs within a web browser such as Microsoft
Internet Explorer. Under Windows 2000 or Windows XP, install Internet Explorer 6.0, Internet Explorer
5.0, or Internet Explorer 5.5 with Service Pack 1, and the Java 1.3.1 plug-in.
NOTE
See the EPICenter Release Note and Quick Start Guide shipped with the software for the latest
information about configuration requirements.
Browser Requirements for Reports
Even if you are running the stand-alone client application, a browser is required to run the EPICenter
HTML reports. The EPICenter dynamic reports are HTML pages that do not require Java capability, and
thus can be accessed from browsers that do not have the ability to run the full EPICenter user interface.
The following browser clients are supported for displaying reports:
• Under Windows 2000 or Windows XP, install Internet Explorer 5.5 with Service Pack 1, or Internet
Explorer 6.0.
• On a Solaris system, install Netscape Navigator/Communicator 4.7 or later
To launch the browser and view the EPICenter HTML reports on a Solaris system, you need to include
Netscape on the search path. If you do not want to add Netscape to the search path, edit the
launchURL.sh script from either the EPICenter server install directory (by default,
/opt/extreme/epc4_1) or the EPICenter client install directory (UNIX default directory is
/opt/extreme/epc4_1_client). In the launchURL.sh script, replace the word “netscape” with the full
path to the Netscape program installed on your system.
EPICenter Software Installation and User Guide
49
Installing the EPICenter Software
EPICenter Software Licensing
In order to log in to the EPICenter server from an EPICenter client, the product must be configured with
a valid license. Optional products such as the Policy Manager also require their own license keys.
An evaluation license allows you to run the product for 30 days. A permanent license has no time limit.
You can install the software without a license key, but you will not be able to connect to it from an
EPICenter client. (If you need to install the product without a license key, you can add the key at a later
time using a license key upgrade utility.)
You must obtain both evaluation and permanent license keys from the Extreme Networks licensing web
site. The license key should be sent to you as e-mail within minutes of submitting your request.
Both evaluation and permanent license keys are 14-character keys that start with EP and are followed
by 12 additional characters that are a combination of upper- and lower-case case alphabetic characters,
numbers, and special characters such as “+”
If you have purchased the product, you should have received an activation key, found on the License
Agreement included in your software package. This key starts with “AC,” and can be used to obtain a
permanent license key. You do not need an activation key to obtain an evaluation license key.
NOTE
See the EPICenter Release Note and Quick Start Guide shipped with the software for the latest
information about obtaining a license key.
Obtaining an Evaluation License
To obtain an evaluation license key, use your browser to connect to the license page at
http://www.extremenetworks.com/go/epickey.htm.
Select the option to obtain an evaluation license key. You will be asked to enter your name, company
information, and other similar information, and an e-mail address to which your license key should be
sent.
You license key will be sent to you by return e-mail.
Obtaining a Permanent License
To obtain a permanent license key, use your browser to connect to the license page at
http://www.extremenetworks.com/go/epickey.htm.
Select the option to obtain a permanent license key.
Fill in the requested information, and enter your activation key. The activation key is a 14-character key
that starts with “AC” and is found on the License Agreement included with your software package.
Your permanent license key will be sent to you by return e-mail.
Upgrading an Evaluation License
To update an evaluation license of EPICenter to a permanent license, use the instlic utility.
50
EPICenter Software Installation and User Guide
Upgrading from a Previous Release
In Windows, run the instlic command using the Run command from the Windows Start menu, or
from an MS-DOS command window. From Solaris, run the command from a command shell. The
instlic utility is found in the EPICenter install directory, by default c:\Program Files\Extreme
Networks\EPICenter 4.1\ in Windows, or /opt/extreme/epc4_1 on a Solaris system.
Enter the command followed by the 14-character license key, as follows:
instlic <license_key>
After you enter the new license key, you must logout of EPICenter and login again.
See “Adding or Updating the License Key” on page 55 (for Windows) or “Adding or Updating a
License Key” on page 61 (for Solaris) for further instructions.
Adding a License for an Optional Product
When you purchase a product option such as the EPICenter Policy Manager, you receive a separate key
to enable the optional module. If you purchase the optional module at the same time as the main
EPICenter software, you can use the use the optional module key when you do the EPICenter
installation, and it will enable both the EPICenter software and the additional module.
However, if you purchase the additional module at a later time, you must update your license key to
enable the new module.
To add a license key for an optional EPICenter product module, use the instlic utility.
In Windows, run the instlic command using the Run command from the Windows Start menu, or
from an MS-DOS command window. From Solaris, run the command from a command shell. The
instlic utility is found in the EPICenter install directory, by default c:\Program Files\Extreme
Networks\EPICenter 4.1\ in Windows, or /opt/extreme/epc4_1 on a Solaris system.
Enter the command followed by the 14-character license key, as follows:
instlic <license_key>
After you enter the license key for the optional product, you must logout of EPICenter and login again.
See “Adding or Updating the License Key” on page 55 (for Windows) or “Adding or Updating a
License Key” on page 61 (for Solaris) for further instructions.
Upgrading from a Previous Release
If you have the previous software release installed, the installation script can also migrate your database
information to the new EPICenter software version. The installation program detects the previously
installed version and notifies you to proceed with the upgrade. For the EPICenter SE release 4.1, you
can upgrade from EPICenter 3.1 or 4.0, but not from any earlier versions of the ExtremeWare Enterprise
Manager software. If you are running one of the older versions (ExtremeWare Enterprise Manager 1.0,
1.1, 2.0, or 2.1) you must do a new installation of the EPICenter 4.1 software.
EPICenter Software Installation and User Guide
51
Installing the EPICenter Software
Installing on a Windows 2000 or Windows XP System
The following sections assume that Microsoft Windows 2000 or Windows XP is already running.
NOTE
For information on installing and running Windows 2000 or Windows XP, refer to the documentation
supplied with your Microsoft Windows software.
To install the EPICenter software components under Windows 2000 or Windows XP, you must have
administrator privileges on that system.
If you have the previous software release installed, the installation script migrates your database
information to the new EPICenter software version.
CAUTION
If you are running an evaluation version of the EPICenter software, DO NOT REINSTALL the EPICenter
software to upgrade to a permanent license if you want to retain the information in your EPICenter
database. Using the license installation utility will preserve the contents of the database.
To update an evaluation copy of the EPICenter server to a licensed copy without reinitializing the
database, follow the update procedure described in “Adding or Updating the License Key” on page 55.
NOTE
If you already installed the EPICenter client software, you must UNINSTALL the client software before
you begin the EPICenter server installation.
To install the EPICenter server, follow these steps:
1 Close any open applications.
2 Insert the CDROM into the CDROM drive.
3 In most cases, the Extreme Networks EPICenter Welcome screen appears automatically. If it does not:
a Open My Computer or Windows Explorer, and go to your CDROM drive.
b Go to the nt directory, open the server sub-directory, and start Setup.exe.
The EPICenter Welcome screen appears.
4 Follow the on-screen instructions to progress through the Welcome screen.
5 If you have a previous version of EPICenter installed, you are notified that the services will be
stopped in order to install the new EPICenter software. If this is acceptable, click Yes.
6 Click Yes to accept the license agreement.
7 Enter your company information.
8 Enter your license key and click Next to continue.
The license key is a case-sensitive string starting with “EP” and followed by 12 characters (a mixture
of uppercase and lowercase letters, numbers, and special characters) that you obtained from the
Extreme Networks web site.
52
EPICenter Software Installation and User Guide
Installing on a Windows 2000 or Windows XP System
The license key is NOT the same as the activation key, which starts with “AC,” and found on the
License Agreement shipped with your purchased product. You use the activation key to obtain a
permanent license key from the Extreme Networks web site at
http://www.extremenetworks.com/go/epickey.htm
See “EPICenter Software Licensing” on page 50, or the EPICenter Release Note and Quick Start Guide
for details on obtaining an evaluation or permanent license key.
If you have purchased the EPICenter software and an additional module such as the Policy Manager,
you can use the key you received for the optional module here. It will enable both the EPICenter
software and the additional module.
If you do not yet have a key, you can still install the product, and then update the key later using the
instlic.exe utility. See “Adding or Updating the License Key” on page 55.
— To skip entering a key, leave the field blank and click Next.
— A warning box pops up; click OK to continue.
9 In the Destination dialog box, choose one of two options:
— Accept the default target drive and folder displayed in the Destination Directory box.
— Click Browse and select or enter a new folder, a new drive, or both and click Next.
If you are installing on a disk that uses the FAT file system rather than the NTFS file system, a
warning message pops up when you click Next. This is because under the FAT file system, the
EPICenter software can take up as much as 20% of your partition, regardless of the partition size.
In the Database Server Information dialog box, enter a number in the Port field for the TCP port that
the EPICenter Web Server will use to communicate with the database, or accept the default (10553).
You can use any port number (a number between 1024 and 65535 is recommended), except a port
number already in use by another process.
NOTE
Extreme Networks recommends that you choose a port number that is not currently registered at
Internet Assigned Numbers Authority (IANA). To check if a port number is registered, go to
http://www.iana.org/numbers.html.
10 When the Automatic Information Updates dialog box appears, as shown in Figure 8, click Yes to
enable automatic updates or click No to disable automatic updates.
Figure 8: Automatic Information Updates
EPICenter Software Installation and User Guide
53
Installing the EPICenter Software
11 In the Get HTTP Port dialog box, you are asked for two ports that the EPICenter Web Server will
use:
— The HTTP Port for communication with clients (default 80).
— The Admin Port used by the EPICenter web server (default 8009).
Accept any or all of the default port numbers, or enter different port numbers.
You can use any port number (a number between 1024 and 9999 is recommended) except:
— The port number you just entered for the database TCP port.
— Any port number already in use by another process.
12 If there is an EPICenter server (versions 4.0 and earlier) running as a service, a notice appears
advising you that the services are being shut down.
The installation software then copies the EPICenter program files from the CD to your system.
13 When the files have been copied, the Install as a Service dialog box asks if you want to install the
EPICenter database and web server components as Windows services.
— Click Yes to install the EPICenter components as services. This is strongly recommended. If the
EPICenter components run as services, they will be started automatically on system boot, and
will persist across user logins and logouts.
NOTE
You must have Administrator privileges to install the EPICenter components as services.
In addition, if you want to be able to import user and host information from a Windows NT Domain
Controller, the EPICenter server must run with permissions that allow it to get user information from
a Domain Controller.
— Click No if you do not want to install the components as services.
14 If you are upgrading from the previous release of the EPICenter software, you are asked whether
you want to copy the database and other persistent data to the new installation. Click Yes to copy
the data, or No to continue without doing so.
If you answer Yes, an MS-DOS window will appear briefly while the database contents are dumped
from the old database and loaded into the new database.
NOTE
This installation utility will upgrade the database from EPICenter 3.1 or 4.0 to EPICenter 4.1.
Database upgrades from earlier versions are not supported.
15 If you elect to copy your previous data, the EPICenter installation process also notifies you that you
must copy from the old installation any switch software image files or report files you may have
modified or added. The installation process does not copy these files. You can do this after the
installation has finished.
16 The installation procedure now installs the license key. An MS-DOS window will appear briefly
while this occurs.
If the license key you entered is invalid, an error window pops up. If you did not enter a license key,
a warning pops up. In either case, you can use the instlic utility to enter a valid license key after
you have completed your installation.
54
EPICenter Software Installation and User Guide
Installing on a Windows 2000 or Windows XP System
17 In the final dialog box, EPICenter Setup Complete, you can do the following.
— Click the checkbox to indicate you want to view the Readme file.
— If you have installed the EPICenter components as services, click the second checkbox to indicate
you want your system to be restarted. If you choose not to restart your system at this time, you
must either restart the server or start the services manually before you can log in to the EPICenter
server from a client.
— Click Finish to complete the installation process.
18 If you added or modified any reports, or added new switch software images to the previous
EPICenter installation, you should copy these files to the new installation. You must manually copy
the following files:
• Image files you have placed in the subdirectories under the
<EPICenter_install_dir>\user\tftp directory
• Reports you have modified or added in the <EPICenter_install_dir>\user\reports\html or
<EPICenter_install_dir>\user\reports\tcl directories
Copy these to the corresponding directories in the new installation.
Adding or Updating the License Key
To update an evaluation license of EPICenter to a permanent license, or to install a license key after the
original installation is complete, use the instlic utility provided.
CAUTION
DO NOT reinstall the software if you have any data or configurations of value in the EPICenter
database. Re-installation will re-initialize the database.
To update your license key, follow these steps:
1 Select Run... from the Start menu, or start an MS-DOS command window.
NOTE
Because you must enter the license key on the command line, you cannot run this utility from a
Windows Explorer or My Computer window.
2 Enter the command <EPICenter_install_dir>\instlic <key>
<EPICenter_install_dir> is the directory (path) where you installed the EPICenter components. If
you installed in the default directory, the path is c:\Program Files\Extreme Networks\EPICenter
4.1\
<key> is the 14-character license key, starting with “EP,” that you obtained from Extreme Networks.
Type the key exactly as it is shown in the e-mail you received from Extreme Networks. The key is
case sensitive.
For example: c:\Program Files\Extreme Networks\EPICenter 4.1\instlic EP1a2B3c4D5+eF
If the license update is successful, the message “License Installed” is displayed.
If the update is not successful, the message “Invalid argument key : <key>” is displayed. <key> is
the license key you entered with the instlic command. Verify that you typed the key exactly as shown
in the e-mail you received from Extreme Networks. Make sure you log out and log back in to EPICenter
to enable the new module.
EPICenter Software Installation and User Guide
55
Installing the EPICenter Software
Installing on a Solaris System
The EPICenter server software, version 4.1, is supported under Solaris 7 and Solaris 8. See “Server
Requirements” on page 48 for the hardware requirements. Also, check the EPICenter Release Note and
Quick Start Guide for any additional issues.
Required Patches
The Solaris 7 or Solaris 8 operating environment requires patches for the EPICenter software to function
properly. Make certain these patches have been installed before you install the EPICenter server
software.
For the most current information on required patches, see the EPICenter Release Note and Quick Start
Guide that accompanies your EPICenter software, or the Extreme Networks web site at
www.extremenetworks.com.
Sun Microsystems makes these patches available on the Java download site in the form of tar files. They
can be found at:
http://www.sunsolve.sun.com/pub-cgi/show.pl?target=patches/J2SE
On this page, select Java 2 Standard Edition (J2SE) 1.3.0_03 Production Release for Solaris, English,
SPARC Edition. The patches listed for this release apply to the 1.3.1 Plug-in as well.
You must register or log in, and then you will be presented with the download page that includes
Solaris patch bundles.
Local Name Resolution
The Solaris system on which EPICenter is installed must be able to resolve both its own local name and
its domain name. For example if you install EPICenter on a system named system1, then it must be
able to resolve both system1 and its domain name, such as system1.company.com. You can test for this
by attempting to ping the system using both the local name and the domain name. If there are problems
resolving either of these names, make sure the /etc/hosts file contains the correct information.
Installing the EPICenter Server
The instructions that follow assume that you are running in a command shell or Xterm window.
You can install the EPICenter components without being logged in as root, as long as you do not use
port numbers less than 1024 (for example, port 80 for the EPICenter web server, which is the default).
CAUTION
When you install the EPICenter Server, it initializes the database. If you attempt to re-install the server
once you have installed it, the installation process reinitializes the database, and your existing data and
configurations will be lost.
To update an evaluation copy of the EPICenter software to a licensed copy without reinitializing the
database, follow the update procedure described in the section “Adding or Updating a License Key” on
page 61.
56
EPICenter Software Installation and User Guide
Installing on a Solaris System
NOTE
If you already installed the EPICenter client software, you need to UNINSTALL the client software
before you begin the EPICenter server installation.
To install the EPICenter server software, follow these steps:
1 Insert the CDROM into the CDROM drive.
2 If you are running CDE, the contents of the CDROM are displayed in the File Manager. Go to the
sol directory.
To run from an Xterm window:
cd /cdrom<x>/sol
where <x> is your CDROM drive number (e.g. cdrom0). The volume label of the installation CD is
epc41b<xx>, where <xx> is the build number, for example epc41b34.
3 To install the server, change to the server directory:
cd server
To install the client, change to the client directory:
cd client
4 Run the installation script:
./install.sh
The EPICenter Welcome message appears as follows:
******************************************************************
Welcome to the Extreme Networks EPICenter
install program. This program will install:
EPICenter version 4.1.0 on this system.
******************************************************************
Please review the following software license terms
and conditions. You will need to accept this license
to continue the installation. Press space to page
through the license.
Press <enter> to view the license:
5 When you press [Enter], the text of the license is displayed. You can use the space bar to page
through it. When you reach the end, you are asked:
Do you agree to the above conditions? (Y/N):
6 Enter Y if you agree and want to proceed. Enter N to terminate the installation process. This
question does not have a default, you must enter Y or N.
7 Next, you are prompted for the directory where the EPICenter server software should be installed:
Please enter the directory in which the software will be installed.
The default directory is /opt/extreme/epc4_1, but the product may be installed
anywhere.
EPICenter Software Installation and User Guide
57
Installing the EPICenter Software
Install Directory [/opt/extreme/epc4_1]:
Enter the directory or accept the default (/opt/extreme/epc4_1).
NOTE
Make sure there are no spaces in the directory names.
If you specify a directory that does not exist, you are asked whether it should be created:
/opt/extreme/epc4_1: No such directory.
Do you wish to create it? (y/n)[y]
Assuming you want to create the directory, accept Y as the default. If you answer N, the script will
assume the directory already exists.
8 The installation script now copies and installs the EPICenter files:
Installing EPICenter files...
After copying a number of files, the following message appears:
File copy complete.
Configuring Installation.
At this point additional files are copied and the EPICenter installation tree is created, and filled out.
This will take several minutes.
When the files are complete, you are asked for a set of configuration information.
To configure EPICenter, we will need to ask you for some information.
the default answers will work correctly.
In most case
9 First you are asked whether you want to upgrade from a previous installation of EPICenter. You can
upgrade from EPICenter 3.1 or EPICenter 4.0.
*** Upgrade Parameters
If there is a previous installation of EPICenter installed,
you may import the database from the previous
installation. If there is no previous install, or you would
like to start from scratch, select new installation.
Would you like to upgrade from a previous install? (Y/N) [N]:
Answer Y to upgrade.
If you answer Yes, the install script asks for the location of the previous version of EPICenter.
Old install directory [/opt/epc4_0]:
Accept the default or enter the actual location (full path name).
10 Next, you are asked for a license key.
*** License Key
Please enter the license key for the product.
This will be a string starting with EP followed by 12 characters.
To obtain a license (evaluation or permanent) visit the web site
http://extremenetworks.com/go/epickey.htm
Refer to the product release notes for more information on obtaining
a license key. Enter s to skip and install the license later.
58
EPICenter Software Installation and User Guide
Installing on a Solaris System
Please enter the license key:
The license key is NOT the same as the activation key, which starts with “AC,” and is found on the
License Agreement shipped with your purchased product. You use the activation key to obtain a
permanent license key from the Extreme Networks web site at
http://www.extremenetworks.com/go/epickey.htm
See “EPICenter Software Licensing” on page 50, or the EPICenter Release Note and Quick Start Guide
for details on obtaining an evaluation or permanent license key.
If you do not yet have a key, you can still install the product, and then update the key later using the
instlic utility. See “Adding or Updating a License Key” on page 61.
If you have purchased the EPICenter software and an additional module such as the Policy Manager,
you can use the key you received for the optional module here. It will enable both the EPICenter
software and the additional module.
11 When the Automatic Information Updates dialog box appears, answer Y to enable automatic
updates or N to disable automatic updates.
12 Next, you are asked to enter a port for communication between the Web server and the database
server:
*** Database Parameters
EPICenter will run an SQL database server on this machine. The database
needs the name of this machine and an unused port to listen on.
Please enter the port for the database: [10553]
Accept the default (10553) for the TCP port that the EPICenter Web Server will use to communicate
with the database, or enter a different port number. You can use any port number (a number
between 1024 and 65535 is recommended) except a port number already in use by another process.
NOTE
Extreme Networks recommends that you choose a port number that is not currently registered at
Internet Assigned Numbers Authority (IANA). To check if a port number is registered, go to
http://www.iana.org/numbers.html.
13 You are now asked for three ports that the EPICenter Web Server will use.
*** Web Server Parameters
EPICenter runs as a web server and by default accepts HTTP requests
on port 80. You may specify an alternative. Additionally EPICenter needs
another unused port for server administration.
If you are not sure what to enter, the defaults
should be acceptable.
Please enter the http port for the web server: [80]
Please enter the http port for the admin web server: [8009]
Accept any or all of the default port numbers, or enter different port numbers.
You can use any port number (a number between 1024 and 9999 is recommended) except:
— The port number you just entered for the database TCP port.
— Any port number already in use by another process.
EPICenter Software Installation and User Guide
59
Installing the EPICenter Software
14 Finally, you are asked to confirm the configuration parameters:
*** Configuration
Please review the following items.
Upgrade
License
Database Port
HTTP Port
HTTP Admin Port
=
=
=
=
=
NO
<the
<the
<the
<the
key you entered or “s”>
port you entered or 10551>
port you entered or 80>
port you entered or 8007>
Are these correct? (Y to accept / N to re-enter) [N]:
15 If you accept the parameters by entering Y, the installation script will finish with the following
messages:
Installing License...
License properties = Type: License, Version: 4
License installed.
Done.
Updating ./extreme/WEB-INF/web.xml
Updating ./tomcat/conf/server.xml
If you are upgrading from an earlier version of EPICenter, you will also see the following:
*** Database Upgrade
Upgrading Database...
Upgrading from EPICenter 4.0
Generating sql files...
Dumping data from tables in old database ...
Loading data into tables in new database ...
Database Upgrade Complete.
Next, you are asked to move or copy any previous switch software images or uploaded switch
configuration files.
from: /export/home/epc3_1/user/tftp
to: /opt/extreme/epc4_1/user/tftp
If you modified any reports or created custom reports, you are asked to move or copy these files
from:
/export/home/epc3_1/user/reports/html
and /export/home/epc3_1/user/reports/tcl
to /opt/home/epc4_1/user/reports/html
and /opt/home/epc4_1/user/reports/tcl
Next, the installation process creates a script and some symbolic links.
Adding EPICenter to /etc/init.d
Adding link from rc3.d to /etc/init.d/
Adding link from rc2.d to /etc/init.d/
60
EPICenter Software Installation and User Guide
Installing on a Solaris System
16 Finally, you are given the opportunity to have the EPICenter server started for you.
Would you like to start the server now? (Y/N): n
Answer Yes to start the server immediately, or No if you want to start it at a later time.
The final messages are:
The EPICenter software installation is complete.
Once the server is running, you can run the client by executing the following command:
opt/extreme/epc4_1/runclient
Starting EPICenter server with /opt/extreme/epc4_1/runserv &
Server output:
***********************************************************
***********************************************************
INSTALL COMPLETE
<host> is the name of the system you’ve just installed on, and <port> is the HTTP port you entered
(or 80 if you accepted the default).
Adding or Updating a License Key
To update an EPICenter evaluation license to a permanent license, or to install a license key after the
original software installation is complete, use the instlic utility provided.
CAUTION
DO NOT reinstall the software if you have any data or configurations of value in the EPICenter
database. Re-installation will re-initialize the database.
Run the installation script found in the EPICenter installation directory:
<install_dir>/instlic <key>
<install_dir> is the directory (path) where you installed the EPICenter components.
<key> is the 14-character license key, starting with “EP,” that you obtained from Extreme Networks.
Type the key exactly as it is shown in the e-mail you received from Extreme Networks. The key is
case sensitive.
For example, if you installed in the default directory, enter:
/opt/extreme/epc4_1/instlic EP1a2B3c4D5+eF
You must have write permission for the EPICenter install directory.
If the license update is successful, the message “License Installed” is displayed in the xterm or
command window.
If the update is not successful, the message “Invalid argument key : <key>” is displayed. <key> is
the license key you entered with the instlic command. Verify that you typed the key exactly as shown
in the e-mail you received from Extreme Networks.
EPICenter Software Installation and User Guide
61
Installing the EPICenter Software
Setting Up SNMP Version 3 for Solaris and Windows
To use SNMP Version 3 privacy, EPICenter supports SunJCE version 1.2.2. You can download SunJCE
1.2.2 from the following website:
http://java.sun.com/products/jce/index-122.html
To use SNMP V3, you should copy all four JAR files from the /lib directory to the following location on
the EPICenter server: <epic_install_dir>/extreme/classes.
You must also edit the following file: <epic_install_dir>/jre/lib/security/java.security
so that the list of security providers is as follows:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.crypto.provider.SunJCE
security.provider.3=com.sun.rsajca.Provider
Installing the EPICenter Client
The EPICenter software provides two options for connecting to an EPICenter server from a client
system: a stand-alone client application, or a browser-based client you can run from a web browser such
as Microsoft Internet Explorer.
On Solaris-based systems, only the stand-alone client is supported.
NOTE
The browser-based client is supported on Windows-based systems only.
When you run the EPICenter stand-alone client on Solaris-based systems, unset the following
localization environment variables:
• LANG
• LC_MONETARY
• LC_NUMERIC
• LC_COLLATE
• LC_TIME
• LC_CTYPE
• LC_MESSAGES
In order to run the EPICenter web browser client, web browser software must be installed. An
EPICenter client can run on a system with a different operating system than the EPICenter server.
Under Windows 2000 or Windows XP, install Microsoft Internet Explorer 6.0 or Internet Explorer 5.5
with Service Pack 1 and the Java Plug-in.
To download the latest version of Internet Explorer, go to
http://www.microsoft.com/ie/
62
EPICenter Software Installation and User Guide
Installing the EPICenter Client
If you do not have the required Java plug-in installed when you start the EPICenter client, you will be
prompted to download it, and will be led through the brief installation process. This obtains the plug-in
from the Sun Microsystems web site, and requires Internet access.
You can also install the Java Plug-in directly from the EPICenter browser-based client Start-up page. See
Chapter 3 for details on starting the client and obtaining the plug-in, if needed.
Installing the Stand-Alone Client Application on Windows 2000 or
Windows XP
The following instructions assume that Microsoft Windows 2000 or Windows XP is already running.
NOTE
If you installed the EPICenter server software, the client has already been installed as part of the server
installation. Do not re-install the client.
To install the stand-alone client application on a client-only workstation, do the following:
1 Close any open applications.
2 Insert the CDROM into the CDROM drive.
3 If the CD starts up automatically, click cancel to exit the server installation process, the do the
following steps. If the CD does not start up automatically, follow these steps:
a Open My Computer or Windows Explorer, and go to your CDROM drive.
b Go to the nt directory, open the client sub-directory, and start setup.exe.
The EPICenter Client Welcome screen appears.
4 Follow the on-screen instruction to progress through the Welcome screen.
5 Click Yes to accept the license agreement.
6 Enter your company information and click Next to continue.
7 In the Choose Destination Location dialog box, choose one of two options:
• Accept the default target drive and folder displayed in the Destination Folder box.
• Click Browse and select or enter a new folder, a new drive, or both.
8 In the Server Information dialog box, enter the name or IP address of the server to which you want
to connect into the Server field. Enter the HTTP port to use to connect to the server in the HTTP
Port field. The port must match the HTTP port configured for the EPICenter server that you entered
into the Server field. The default is port 80.
Click Next to continue the client installation process.
NOTE
You must enter both the Server and HTTP port information, or leave both fields empty. If you leave
the fields empty, you can enter the server and port information each time you run the client.
9 The installation software then copies the EPICenter Client files from the CD to your system.
EPICenter Software Installation and User Guide
63
Installing the EPICenter Software
10 In the final dialog box, Setup Complete, you can do the following:
• Click the checkbox to indicate you want to view the Read Me file and start the EPICenter client
application.
• Click Finish to complete the installation process.
Installing the Stand-Alone Client Application in the Solaris Operating
Environment
The instructions that follow assume that you are running in a command shell or Xterm window.
NOTE
If you installed the EPICenter server software, the client has already been installed as part of the server
installation. Do not re-install the client.
To install the stand-alone client application on a client-only workstation, do the following:
1 Insert the CDROM into the CDROM drive.
2 If you are running CDE, the contents of the CDROM are displayed in the File Manager. Go to the
sol directory, then to the client sub-directory.
To run an Xterm window:
cd /cdrom<x>/sol/client
where <x> is your CDROM drive number (e.g. cdrom0). The volume label of the installation CD is
epc41b<xx>, where <xx> is the build number, for example epc41b34.
3 Run the installation script:
./client.sh
The EPICenter Client Welcome message appears as follows:
******************************************************************
Welcome to the Extreme Networks EPICenter Client
install program. This program will install:
EPICenter Client version 4.1.0 on this system.
******************************************************************
Please review the following software license terms
and conditions. You will need to accept this license
to continue the installation. Press space to page
through the license.
Press <enter> to view the license:
4 When you press [Enter], the text of the license is displayed. You can use the space bar to page
through it. When you reach the end, you are asked:
Do you agree to the above conditions? (Y/N):
5 Enter Y if you agree and want to proceed. Enter N to terminate the installation process. This
question does not have a default, you must enter Y or N.
64
EPICenter Software Installation and User Guide
Installing the EPICenter Client
6 Next, you are prompted for the directory where the EPICenter Client software should be installed.
Please enter the directory in which the software will be installed.
The default directory is /opt/extreme/epc4_1_client, but the product may be installed
anywhere.
Install Directory [/opt/extreme/epc4_1_client]:
Enter the directory or accept the default (/opt/extreme/epc4_1_client).
NOTE
Make sure there are no spaces in the directory names.
If you specify a directory that does not exist, you are asked whether it should be created:
/opt/extreme/epc4_1_client: No such directory. Do you wish to create it? (y/n) [y]
Assuming you want to create the directory, accept Y as the default. If you answer N, the script will
assume the directory already exists.
7 The installation script now copies and installs the EPICenter Client files:
Installing EPICenter Client files...
After copying a number of files, the following message appears:
File copy complete.
Configuring Installation.
At this point, additional files are copied and the EPICenter Client installation tree is created and
filled out. This will take several minutes.
When the files are complete, you are asked for a set of configuration information.
To configure the EPICenter client, we will need to ask you for some
information. In most case the default answers will work correctly.
Please enter the host name for the EPICenter server: [] localhost
Please enter the http port for the EPICenter server: [80]
The Server Name is the server name or IP address of the EPICenter server to which the client should
connect.
The Server Port is the HTTP port that the client will use to communicate with the server (default is
80).
8 You are asked to confirm the configuration parameters:
*** Configuration
Please review the following items.
Server Name
Server Port
= localhost
= 80
Are these correct? (Y to accept / N to re-enter) [N]:
9 If you accept the parameters by entering Y, the installation script will finish with the following
message:
Would you like to start the client now? (Y/N):
Enter Y to start the EPICenter client now, or N to start it at a later time.
EPICenter Software Installation and User Guide
65
Installing the EPICenter Software
The final messages are:
The EPICenter Client software installation is complete.
INSTALL COMPLETE
When you run the EPICenter stand-alone client on Solaris-based systems, unset the following
localization environment variables:
• LANG
• LC_MONETARY
• LC_NUMERIC
• LC_COLLATE
• LC_TIME
• LC_CTYPE
• LC_MESSAGES
Uninstalling the EPICenter Software
To uninstall the EPICenter software, you must first shut down the server components (database and
web server). Then you can remove the program components from your system.
Uninstalling the EPICenter Server on Windows 2000 or Windows XP
Using the Windows Operating Systems versions, you can run the EPICenter server components as
services, or as regular applications. The uninstall procedure is slightly different for these two situations.
To uninstall the EPICenter server software and all of the EPICenter components, including the
stand-alone client, do the following:
1 Shut down the EPICenter components if they are still running.
If they are running as services:
a From the Start menu, highlight Settings, then select the Control Panel.
b Double-click Services to display the Services Properties window.
c
Highlight EPICenter 4.1 Server and click Stop to stop the EPICenter 4.1 Server
d Stop the EPICenter 4.1 Database Engine in the same manner.
If they are running as applications:
a From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 4.1,
then select Stop EPICenter 4.1 Server. This opens an MS-DOS command window and shuts
down the EPICenter server and database.
2 From the Control Panel folder, double-click Add/Remove Programs. This displays the Add/Remove
Program Properties window (Add/Remove Programs window under Windows 2000 and Windows
XP).
3 From the list of installed programs, select EPICenter 4.1 and click Add/Remove (or Change/Remove
in Windows 2000 or Windows XP). Follow the instructions to remove the component.
66
EPICenter Software Installation and User Guide
Uninstalling the EPICenter Software
4 If the Add/Remove utility is not able to remove all the files, it will inform you of that fact. You must
then delete the remaining files manually.
Uninstalling the EPICenter Stand-Alone Client Application on
Windows 2000 or Windows XP
To uninstall the stand-alone client on a client-only workstation, do the following:
1 From the Control Panel folder, double-click Add/Remove Programs. This displays the Add/Remove
Program Properties window (Add/Remove Programs window under Windows 2000 or Windows
XP).
2 From the list of installed programs, select EPICenter 4.1 Client Application and click Add/Remove
(or Change/Remove in Windows 2000 or Windows XP). Follow the instructions to remove the
application.
3 If the Add/Remove utility is not able to remove all the files, it will inform you of that fact. You must
then delete the remaining files manually.
Uninstalling the EPICenter Server in Solaris
To remove the EPICenter server software from a Solaris host, stop the server using the stopserv
command, then remove the all the files in the installation directory.
To remove the EPICenter server software, including the stand-alone client, follow these steps:
1 Run the stopserv command found in the root installation directory.
The installation directory is the directory (path) where you installed the EPICenter components.
For example, if you installed in the default directory, enter:
/opt/extreme/epc4_1/stopserv
This shuts down the EPICenter server if it is running.
2 Make the parent of the installation directory the current directory, and remove all files from the
directory and its sub-directories.
For example, if you installed using the default directory path, /opt/extreme/epc4_1, enter:
cd opt
3 Remove all files from the installation directory tree.
For example, if you installed using the default directory path, enter:
rm -rf epc4_1
This removes all the EPICenter components, including the database and the stand-alone client, from
the system.
4 The EPICenter installation created a script, EPICenter, in the /etc/init.d directory, and links to
/etc/init.d in the /etc/rc2.d and etc/rc3.d directories. You should remove these as well:
cd /etc/init.d
rm EPICenter
cd /etc/rc2.d
rm K10EPICenter
cd /etc/rc3.d
rm S90EPICenter
EPICenter Software Installation and User Guide
67
Installing the EPICenter Software
The EPICenter software is now completely uninstalled.
Uninstalling the EPICenter Stand-Alone Client Application in Solaris
To uninstall the stand-alone client on a client-only workstation, do the following:
1 Make the parent of the installation directory the current directory, and remove all files from the
directory and its sub-directories.
For example, if you installed using the default directory path, /opt/extreme/epc4_1_client, enter:
cd opt
2 Remove all files from the installation directory tree.
For example, if you installed using the default directory path, enter:
rm -rf epc4_1_client
This removes the EPICenter stand-alone client from the system.
68
EPICenter Software Installation and User Guide
3
Starting EPICenter
This chapter describes:
• Starting the EPICenter Server.
• Launching an EPICenter Client.
• Navigating the EPICenter pages.
When you log in for the first time after installing the EPICenter server software, there are only two user
accounts enabled—an Administrator account “admin,” and a user account “user” with Monitor access
privileges. Neither account has a password. Follow the instructions in Chapter 16 to change the admin
password and to create additional EPICenter user accounts.
Running the EPICenter Server Software under Windows
The following instructions assume that the Windows 2000 or Windows XP operating system is already
running, and that the EPICenter server software is already installed.
If you have installed the EPICenter components as services under Windows 2000 or Windows XP, the
EPICenter Server and database component will start automatically when you boot the server. This is the
recommended method of installing EPICenter.
Starting the EPICenter Server
If you have not installed the EPICenter server components as a service, you must start the server
manually after you boot your server system. You can do this from the Windows Start menu.
The EPICenter Server consists of two components:
• The EPICenter Database Engine
• The EPICenter Web Server
Both components must be running in order to run the EPICenter client applets.
EPICenter Software Installation and User Guide
69
Starting EPICenter
To start the EPICenter Server and database components, follow these steps:
1 From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 4.1 to
display the EPICenter menu.
2 Click Start EPICenter 4.1 Server. This runs runserv.exe, a program that starts the two components
in the required order.
Two windows are displayed briefly as the EPICenter Server starts up:
• Sybase Adaptive Server Anywhere. An icon representing this window is placed on the right side of
the Windows task bar.
• An MS-DOS window that shows the processes being started.
If you need to start the server manually, you can use the runserv command in an MSDOS command
window to start the server:
1 Change to the EPICenter install directory, cd <EPICenter_install_directory>
2 Enter the command runserv
You can also select Run from the Start menu and enter the command
<EPICenter_install_directory>\runserv
Shutting Down the EPICenter Server Components
There may be occasions when you need to shut down the EPICenter server, such as to upgrade a license
key from an evaluation to a permanent license, or to add an optional module license.
Components Running as Services
If the EPICenter server components are running as services, follow these steps to shut them down:
1 Open the Control Panel folder.
2 From the Control Panel, double-click Administrative Tools.
3 From Administrative Tools, double-click Services. This displays the Services Properties window. You
must have Administrator privileges to access this function.
4 From the list of installed programs select EPICenter 4.1 Server and click Stop.
5 Repeat the same actions for the EPICenter 4.1 Database Engine.
The EPICenter 4.1 server should be stopped before the database to avoid error messages.
Components Running as Applications
If the EPICenter server components are running as applications, you can shut it down directly from the
EPICenter programs menu.
1 From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 4.1 to
display the EPICenter menu.
2 Click Stop EPICenter 4.1 Server. This runs stopserv.exe, a program that starts the two components
in the required order.
70
EPICenter Software Installation and User Guide
Running the EPICenter Server Software under Solaris
Restarting the EPICenter Server Components as Services
If you have installed the EPICenter server components as services, follow these steps to restart them:
1 From the Start menu, open the Control Panel folder.
2 From the Control Panel, double-click Administrative Tools.
3 From the Administrative Tools folder, double-click Services. This displays the Services Properties
window. You must have Administrator privileges to access this function.
4 From the list of installed programs select EPICenter 4.1 Database Engine and click Start.
5 Repeat the same action for the EPICenter 4.1 Server
6 If you want to change the start-up parameters, click Properties... instead of Start.
For example, if you plan to import users from an NT Domain Controller through the Grouping
Manager, the EPICenter 4.1 server must be running with permissions that enable it to get user
information from the Domain Controller. If you do not have those permissions as you are currently
logged on, you can specify a different log on account for the EPICenter web server as a start-up
parameter:
— In the Log On As: section of the Startup... pop up window, enter the account name and password
for a user that has the appropriate permissions to access the Domain Controller.
Running the EPICenter Server Software under Solaris
The following instructions assume that you are using a command or Xterm window running the C
shell.
Starting or Restarting the EPICenter Server
To run the EPICenter Server:
1 Set the current directory:
cd <install_dir>
<install_dir> is the directory (path) where you installed the EPICenter components. If you
installed in the default directory, the path is /opt/extreme/epc4_1.
2 Execute runserv to start the two EPICenter components in the required order.
runserv &
Shutting Down the EPICenter Server Components
To shut down the EPICenter Server:
1 Set the current directory:
cd <install_dir>
<install_dir> is the directory (path) where you installed the EPICenter components. If you
installed in the default directory, the path is /opt/extreme/epc4_1.
2 Execute stopserv to shut down the EPICenter components in the required order.
stopserv &
EPICenter Software Installation and User Guide
71
Starting EPICenter
The EPICenter Client
On Windows 2000 or Windows XP systems, the EPICenter software provides two options for connecting
to an EPICenter server from a client system:
• A stand-alone client application. This is the recommended client option.
• A browser-based client you can run from Microsoft Internet Explorer.
On Solaris-based systems, only the stand-alone client is supported.
The stand-alone client is installed along with the EPICenter server on the system where the server
resides. The stand-alone client can also be installed by itself on any system you want to use as an
EPICenter client. See Chapter 2 for instructions on installing the client on a system without the
EPICenter server.
For Windows 2000 or Windows XP, the browser-based client is a Java applet that is downloaded from
the EPICenter server whenever you run it, and requires the following software on the client:
• Internet Explorer 5.0, or Internet Explorer 5.5 with Service Pack 1, and the Java 1.3.1_03 plug-in.
Running the EPICenter Stand-alone Client
To start the EPICenter stand-alone client interface on a system different from where the EPICenter
server is installed:
1 From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 4.1
Client to display the EPICenter Client menu.
2 Select Client Application to start the EPICenter client.
An MS-DOS window appears briefly before the EPICenter Client Login window opens, as shown in
Figure 9.
To run the stand-alone client on the same system as the EPICenter server:
1 From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 4.1 to
display the EPICenter menu.
2 Select EPICenter 4.1 Client to start the EPICenter client.
If you need to start the client manually, you can use the runclient command in an MSDOS command
window to start the server:
1 Change to the EPICenter install directory, cd <EPICenter_install_directory>
2 Enter the command runclient
You can also select Run from the Start menu and enter the command
<EPICenter_install_directory>\runclient
72
EPICenter Software Installation and User Guide
Running the EPICenter Stand-alone Client
Figure 9: EPICenter installed client Login window
3 In the Server Hostname field, type the name or IP address of the server you want to connect to. If
you are running the client on a system where an EPICenter server is installed, that server name will
appear by default in the Server Hostname field.
4 Type the HTTP port to use to connect to the server in the HTTP Port field. The default is port 80.
The port must match the HTTP port configured for the EPICenter server.
5 If you already have an EPICenter user account, type your EPICenter user name in the User field.
• If you are the network administrator logging in to the EPICenter server for the first time since it
has been installed, log in as “admin.”
You will be able to change the administrator password (strongly recommended) and to create
additional user accounts.
• If you are a new user without your own account on the EPICenter server, type “user” as the User
Name. You will be able to view information in the various modules, but will not be able to
change any configurations.
6 Type your password in the Password field.
Both default names (“user” and “admin”) initially have no password, so you can leave the field
blank.
7 Click Login.
If you are using an evaluation copy of the EPICenter, a dialog box appears notifying you how much
longer the copy is valid.
Click OK.
The Network Summary Report page appears, as shown in Figure 12 on page 77.
For information on the Network Summary Report, see “The Network Status Summary Report Page”
on page 77.
When you disconnect from an EPICenter server, the Login page appears again, allowing you to log in
again, to the same server or to a different EPICenter server.
EPICenter Software Installation and User Guide
73
Starting EPICenter
To exit the EPICenter client, click Quit.
To view the EPICenter version information, click About.
Viewing Reports from the Stand-Alone Client
EPICenter’s HTML reports are always displayed in a browser window, even if you are running the
stand-alone client. See “Browser Requirements for Reports” on page 49 in Chapter 2 for supported
browsers.
Running the EPICenter Client in a Browser
NOTE
The browser-based client is supported on Windows-based systems only.
To start the EPICenter client in a browser window:
1 Launch your web browser.
2 Enter the following URL:
http://<host>:<port>/
In the URL, replace <host> with the name of the system where the EPICenter server is running.
Replace <port> with the TCP port number that you assigned to the EPICenter Web Server during
installation.
NOTE
If the EPICenter server uses the default web server port, 80, you do not need to include the port
number.
The EPICenter Start-up page opens. Figure 10 shows the Start-up page in Internet Explorer under
Windows.
74
EPICenter Software Installation and User Guide
Running the EPICenter Client in a Browser
Figure 10: The EPICenter browser client start-up page
From the Start-up page you can run the EPICenter client interface, view the online documentation, or
log into the EPICenter reports module.
• To launch the EPICenter client interface, click the Launch EPICenter link. This requires that the Java
Plug-in version 1.3.1_03 be installed in your browser.
If the required version of the plug-in is not installed, you will be prompted to download it, and will
be led through the brief installation process. This obtains the plug-in from the Sun Microsystems
web site, and requires Internet access.
You can also install the Java Plug-in directly, if you know you do not have the correct version
installed, or if you encountered problems downloading it. Click the Get Java PlugIn link, which will
install the required version from the EPICenter server installation. This requires access to the system
where the EPICenter server is installed, and does not require Internet access.
The EPICenter Login page appears, as shown in Figure 11.
• From the start-up page you can view a variety of reports about EPICenter devices and functions,
without requiring the Java Plug-in. Click the View Reports link to log into the EPICenter Reports
applet, which provides a number of HTML-based reports. See Chapter 17 for more information on
using these reports.
• Click the View Documentation link to display the online EPICenter Software Installation and User
Guide. This requires that you have a copy of Adobe’s Acrobat Reader (version 4.0 or later) installed.
If you do not have the Acrobat Reader installed, you can download it free of charge from Adobe’s web
site, at http://www.adobe.com.
EPICenter Software Installation and User Guide
75
Starting EPICenter
Figure 11: The EPICenter browser client login page
To log into EPICenter:
1 If you already have an EPICenter user account, type your EPICenter user name in the User Name
field.
• If you are the network administrator logging in to the EPICenter server for the first time since it
has been installed, log in as “admin.”
You will be able to change the admin password (strongly recommended) and to create additional
user accounts.
• If you are a new user without your own account on the EPICenter server, type “user” as the User
Name. You will be able to view information in the various modules, but will not be able to
change any configurations.
2 Type your password in the Password field.
Both default names (“user” and “admin”) initially have no password, so you can leave the field
blank.
3 Click Login.
If you are using an evaluation copy of the EPICenter, a dialog box appears notifying you how much
longer the copy is valid.
Click OK.
The Network Summary Report page appears, as shown in Figure 12 on page 77.
76
EPICenter Software Installation and User Guide
The Network Status Summary Report Page
NOTE
If you have problems with the client display the first time you try to run EPICenter after installing it,
try clearing all browser cache (both memory and disk), then closing and re-opening the browser.
The Network Status Summary Report Page
The Network Status Summary Report page displays a simple HTML report with some basic statistics on
the status of your network. Click on the description of the problem where it is underlined in the
left-hand side of the page to display a detail report about a specific status item.
Figure 12: The Network Status Summary Report page
From this summary report you can view the following reports:
• Summary status of the devices known to the EPICenter server that are not responding to EPICenter
queries.
• A summary of the reported to be in marginal condition (such as a problem with the fan,
temperature, or power).
• The number of devices that are offline for planned service.
• A summary of critical alarms in the last 24 hours that have not been acknowledged.
• A summary of Syslog messages with a priority of Critical or worse that occurred in the last 24 hours.
• A summary of Invalid Login alarms that have occurred in the last 24 hours.
EPICenter Software Installation and User Guide
77
Starting EPICenter
• A summary of Authentication Failure alarms that have occurred in the last 24 hours.
The Network Summary Report can also be accessed from the Reports applet. See Chapter 17 for a more
detailed discussion of these reports.
The Network Status Summary Report also provides version information about the EPICenter software
running on your machine. The information reported includes:
• Software—The EPICenter software.
• Current Version—The version of software currently running.
• Available Version—The number of the most recently available version of the software.
• Status—The status of the software running on this machine.
In order for your machine to verify the latest EPICenter software version, it must access the Extreme
Networks website at http://www.extremenetworks.com. If your network uses a firewall, you can
configure HTTP proxy properties using the Server Properties, External Connections option of the
Admin applet.
To configure an HTTP proxy device and port, see “External Connection Properties” on page 369.
The Distributed Server Summary
If you are running in a Distributed server configuration, a Distributed Server summary appears below
the Network Summary, as shown in Figure 13.
Figure 13: Distributed Server Summary Report
78
EPICenter Software Installation and User Guide
The Network Status Summary Report Page
Each row in the summary provides the status of one of the EPICenter server group members. It
provides the following information about each server:
• The server name. Clicking on the server name initiates the Dynamic Reports module for that
server.You can then run any of the available HTML reports.
• A link that can launch a client connection to the server. Clicking on the Client link launches a client
that attempts to connect to that server.
• The number of devices managed by the server that are up or down
• The number of critical alarms that have occurred on devices managed by the server
• The date and time of the last update of the server summary information for this server
• The status of the server (whether it is responding to the periodic poll)
The “About EPICenter” Page
From the bottom of the Summary Report panel you can navigate to the About EPICenter page.
The About EPICenter page, shown in Figure 14, provides information about the version of EPICenter
that you are running. This information may be needed if it becomes necessary for you to contact
Extreme Networks’ Technical Support.
Figure 14: The About EPICenter page
From this page you can do the following:
• Access the online EPICenter Software Installation and User Guide.
• Send e-mail to Extreme Networks’ technical support organization.
• Return to the Network Summary Report page.
EPICenter Software Installation and User Guide
79
Starting EPICenter
Navigating the EPICenter Applications
The EPICenter client consists of two frames:
• The Navigation Toolbar, from which you can access the EPICenter applets
• The Main Applet frame, where the currently active applet runs.
The Navigation Toolbar
The Navigation Toolbar, on the left, displays a set of buttons you can use to access various EPICenter
modules. The buttons that appear in this Toolbar may include additional modules, such as the
EPICenter Policy Manager, if you have a license for those modules.
• Home returns you to the Network Summary Report display shown in Figure 15. From this page, you
can access the About EPICenter page.
Figure 15: The EPICenter Home page
• Inventory runs the Inventory Manager, where you can discover devices on your network, and set up
device groups and port groups so you can manage network elements in sets rather than individually.
• Alarm runs the Alarm Manager, where you can view and browse alarms that have occurred on your
network devices, as well as define alarms and the actions that should occur when an alarm happens.
This button also indicates that a new alarm has been received by displaying its label in red text
instead of black text.
80
EPICenter Software Installation and User Guide
Navigating the EPICenter Applications
• Config runs the Configuration Manager, where you can upload and download switch configuration
files, and download ExtremeWare software to your switches.
• Find IP/MAC runs the IP/MAC Address Finder applet, where you can search for the ports
associated with one or more MAC or IP addresses, or identify the IP or MAC addresses connected to
a set of ports.
• Groups runs the Grouping applet.
• Telnet runs an interactive Telnet application where you can create and run command-line macros on
multiple devices in one operation. You can also establish telnet sessions with individual switches,
both Extreme Networks and third-party devices.
• EView runs the ExtremeView applet, where you can view status and statistics about your managed
devices, and do Extreme device configuration through Extreme Networks’ interactive web-based
device interface, ExtremeView Vista.
• RT Stats runs the Real Time statistics applet, that provides graphs of various device and port
statistics.
• Topology runs the Topology applet, which gives you a hierarchical, logical map-based view of your
network topology.
• VLAN runs the VLAN Manager, where you can set up and manage VLANs.
• ESRP runs the ESRP Manager, which lets your view the status of your ESRP-enabled switches and
VLANs.
• Admin runs the Administration module, where a user with Administrator access can administer
EPICenter user accounts and the RADIUS server. Other users can change their own password using
this applet.
• STP runs the STP Monitor, which lets you view the status of devices and VLANs configured for STP.
The devices must be running ExtremeWare 6.2.2 or later in order to be monitored by EPICenter.
• Reports runs the Dynamic Reports module, where you can run a number of pre-defined
HTML-based reports from data in EPICenter’s inventory database. You can also define your own
reports.
• Logoff ends your session and returns you to the Login display.
NOTE
Note that you must have Administrator or Manager access in order to use most of the functions of these
applets. Users with Monitor access will be able to view status, statistics etc., but will not be able to set
up or change EPICenter or device configurations.
In addition to the applets described above, the Navigation Toolbar may include icons for other optional
applications that have been integrated into the EPICenter server. These modules or products are
typically purchased separately, and enabled via special license keys. Documentation for these modules
is provided separately from the main EPICenter documentation. These include:
• Policy runs the EPICenter Policy Manager, where you can define QoS policies and access list rules
for implementation on Extreme Networks and Cisco devices. This applet is an optional module that
is licensed separately. It requires the installation of a separate license key. This applet is not available
in scalability mode.
• ServiceWatch runs the EPICenter ServiceWatch software within the EPICenter client browser.
ServiceWatch is not an EPICenter module, but a separate product. You can enable the integration
into the EPICenter Navigation Toolbar through the Server Properties pages in the EPICenter
Administration applet.
EPICenter Software Installation and User Guide
81
Starting EPICenter
Main Applet Frame
The main applet frame is used to display the active EPICenter applet. For example, in Figure 16, the
VLAN Manager is displayed in the main applet frame.
Figure 16: VLAN Manager applet
Applet
function
buttons
Component Tree
Component status/detail
EPICenter applets use a two-panel display within the main applet frame. The two panels are:
• The Component Tree.
• A component status/detail information panel.
In addition, some applets provide an applet-specific set of buttons at the top of the main applet frame.
These provide access to specific applet functions, such as adding, deleting, or configuring components
managed by the applet. Other applets provide tabbed pages for different functions within the applet.
The Component Tree
The left side panel shows the Component Tree. The Component Tree is a nested tree that displays the
components known to the EPICenter database that are relevant to the active module. The Component
Tree may display different types of components depending on which EPICenter module you are
viewing. For example, in the Inventory Manager, the Component Tree shows all the Extreme and
third-party devices known to the EPICenter. In the VLAN Manager, the Component Tree displays
VLANs, as shown in Figure 16. In the Topology view, the Component Tree shows the maps nested
within a topology view.
The Component Tree often includes both folders and individual objects. If a component in the tree has a
plus sign to its left, that means there are subcomponents nested below it. For example, if the component
82
EPICenter Software Installation and User Guide
Navigating the EPICenter Applications
is a VLAN, then it typically has Extreme switches as subcomponents. A switch may have ports as
subcomponents, or slots which in turn have ports.
• Click on the plus sign to display the nested subcomponents.
The plus sign changes to a minus sign.
• Click on the minus sign to hide the subcomponents.
Most objects in the Component Tree are represented both by a text identifier and by a small icon that
represents the type of object. Following are some examples of icons used in the Component Tree:
indicates a device group.
,
,
, and
are examples of device icons.
indicates an untagged VLAN, and
,
,
, and
is a tagged VLAN.
are examples of folder icons.
indicates a general-purpose group in the Grouping module.
indicates a host resource in the Grouping module.
indicates a user resource in the Grouping module.
Devices are identified in the tree by their device name (as defined in the SysName MIB variable) and IP
address. A user with administrator access can change this to reverse the order of the IP address and
device name, or to display the device name only. This is done through a server property set in the
Administration module. See “Other Properties” in Chapter 16 for details on how to do this.
The Status/Detail Information Panel
The right side panel displays information about the component selected in the tree on the left. For
example, Figure 17 shows the Inventory Manager applet, with basic information about the devices
known to the EPICenter.
EPICenter Software Installation and User Guide
83
Starting EPICenter
Figure 17: Inventory Manager applet
• Click on a component in the Component Tree to display information about that component.
In Figure 17, the selected component is the Default device group. The component status/detail panel
displays summary status information about each device in this device group.
A red circle with the white “S” next to a device indicates that the device is not reachable through SNMP.
This indicator may appear in any of the applets where a list of switches is displayed. A grey circle
means the device is offline.
The buttons and frame contents change depending on which applet you are viewing, and also on the
permissions associated with your user account.
Moving the Component Tree Boundary
You can move the boundary between the Component Tree panel and the main applet panel by
following these steps:
1 Place the cursor over the line separating the panels.
2 Click and hold the left mouse button to “grab” the panel separator.
3 Drag the separator until the panels are the desired widths.
Resizing Columns
In a wide columnar display such as shown in Figure 17, you can resize the widths of each column. To
do this, follow these steps:
1 Place the cursor over the line separating the column you want to resize from the column to its right.
2 Click and hold the left mouse button to “grab” the column separator.
3 Drag the separator until the column is are the desired width.
84
EPICenter Software Installation and User Guide
Navigating the EPICenter Applications
Sorting Columns
You can sort the rows of a columnar display according to the contents of any individual column.
• To sort the rows, click on the column heading you want to use as the sort criteria. Click once to sort
in ascending order; click a second time to reverse the sort order.
In most applets, the column that is currently being used as the sort criteria is indicated with a small
triangle in the the column heading cell. The direction of the triangle (facing up or facing down)
indicates whether the sort is ascending or descending.
Applet Function Buttons
For most EPICenter applets, stand-alone buttons at the top of the applet frame provide access to the
functions provided by the current applet. Each button invokes a pop-up dialog box for the function, as
shown in Figure 18.
NOTE
If you have Monitor access, some or all of the buttons in a given applet are not available to you. For
example, in the VLAN Manager, a user with Monitor access can view information about the components
in the Component Tree, but cannot Add, Delete, or Modify VLANs, or perform any port configurations.
Figure 18: Pop-up dialog box for adding a VLAN in the VLAN Manager
A dialog box can contain the following types of fields:
• Page tabs, such as the Properties & Port and IP Forwarding tabs in Figure 18. These are used when
there are multiple pages of settings for a specific function. Clicking a tab displays its page.
• Text fields, such as the VLAN Name field in Figure 18. Enter text or numbers by clicking in the field
and then typing.
To clear a value from a text field, highlight the value with the cursor and press the Del or Backspace
key on the keyboard. You can also highlight the value and just type a new value over the old one.
EPICenter Software Installation and User Guide
85
Starting EPICenter
• Drop-down menu fields, such as the Protocol Filter field in Figure 18. Click in the field to drop down a
menu of choices, then click on your selection to enter the value into the field.
• List box fields, such as the Available Switches field in Figure 18. Click to highlight a value in the
field. Click again to unselect a value.
If there are more entries in the list than can be displayed in the box, a scrollbar is provided at the
right side of the field.
Some list boxes allow multiple selections. Simply click on multiple items to select them. You can also
use [Shift]-click to select the first and last items in a group of contiguous items; all the items between
your first and last selection will be highlighted.
To have the settings you’ve entered take effect, many dialog boxes provide an Apply button. This saves
the settings on the page you are viewing, but the dialog box remains open so you can make additional
changes or change the settings on one of the other pages. For example, you can specify a new VLAN on
the Properties & Ports page as shown in Figure 18, click Apply to commit those settings, then display
the IP Forwarding settings and make changes on that page.
Other dialog boxes may provide a button that executes the function of the dialog, such as Add, or
Delete. Like the Apply button, these often perform the function but leave the dialog box open so you
can perform additional operations.
Most dialog boxes also provide a Close button you can use to exit the dialog box when you are
finished.
In addition, most dialog boxes provide a Reset button. This typically restores the dialog box to the state
it was in when it was invoked, clearing any selections on the screen and resetting the data to the current
information from the EPICenter database.
Printing from EPICenter
Printing is not supported in most of the EPICenter applets. The exceptions are the RT Stats and
Topology applets, which each provide a print function, and the HTML-based reports (the Network
Summary report and the Reports described in Chapter 17.
You can print the HTML reports using the browser print button. However, you should click in the panel
where the report is displayed to ensure that only that panel will be printed. If you print without doing
this, the Navigation Toolbar may not be refreshed, and you will need to refresh the client manually.
86
EPICenter Software Installation and User Guide
4
Using the Inventory Manager
This chapter describes how to use the EPICenter Inventory Manager applet for:
• Viewing the EPICenter device inventory
• Discovering network devices
• Adding network devices to the EPICenter database
• Modifying device contact parameters
• Deleting a device from the EPICenter database
• Updating device information in the database
• Creating default access parameters for network devices
• Finding specific network devices in the database
• Displaying device and device group parameters
Overview of the EPICenter Device Inventory
The Inventory Manager applet keeps a database of all the network devices managed by EPICenter.
EPICenter can discover any devices running MIB-2 compatible agents. It can manage Extreme switches,
and a number of third-party devices.
The EPICenter software provides an automatic discovery function. This feature can discover Extreme
and MIB-2 compatible devices by specific IP address or within a range of IP addresses.
You can also add network devices to the EPICenter database manually, using the Inventory Manager
Add function. Once a network device is known to the EPICenter database, you can assign it to a specific
device group, and configure it using the Inventory Manager, VLAN Manager, Configuration Manager,
Interactive Telnet, ExtremeView, or the optional Policy Manager. You can receive alarms about faults on
the device, and you can view a hierarchical topology layout of the devices known to the Inventory
Manager.
Any EPICenter user can view status information about the network devices currently known to
EPICenter. Users with Administrator or Manager access can run Discovery, and add devices to or delete
devices from the list of managed devices in the database. These users can also explicitly refresh the
information in the database related to the devices that the EPICenter is managing.
EPICenter Software Installation and User Guide
87
Using the Inventory Manager
Device Groups
Devices in the EPICenter are organized into one or more device groups. A device group is a set of
network devices that have something in common, and that can be managed as a group. For example,
devices might be grouped by physical location (Building 1, Building 2, first floor, second floor) or by
functional grouping (engineering, marketing, finance) or by any other criteria that makes sense within
the managed network environment.
An individual device can belong to multiple device groups. For example, a device could simultaneously
be a member of Building 1, Marketing, and Edge Switches. Using device groups, you can monitor and
maintain devices by group membership, instead of individually. All devices become members of a
device group when they are added to the EPICenter database, either through Add Devices or as a part
of the Discovery process. By default, devices are added to the device group “Default,” if you do not
specify otherwise. A device may then be copied or moved to another device group, as appropriate.
Gathering Device Status Information
EPICenter retrieves information about the devices it manages in several ways:
• EPICenter uses SNMP polling for the IP addresses specified in a Discovery request to retrieve the
status information needed by the various EPICenter applets.
• When a switch is added manually to the EPICenter database, EPICenter uses SNMP to retrieve
status information needed by the various EPICenter applets.
• Extreme switches send SmartTraps to EPICenter whenever a change occurs in a switch status
variable in which the EPICenter has registered interest. These include changes to operating variables
as well as configuration changes made through other management entities such as the switch
command line interface or ExtremeWare Vista.
These traps are based on a set of SmartTraps rules that the Inventory Manager creates on the switch
when it is added to the switch inventory. The rules tell the switch what events or changes EPICenter
wants to be notified about. The rules are created on the switch using SNMP. EPICenter also adds
itself on the switch as a trap receiver. The switch uses the SmartTraps rules to determine what traps
to send to EPICenter.
When EPICenter receives a trap from a switch, it then polls the switch for detailed status
information.
• EPICenter polls every network device periodically (approximately every five minutes by default) to
update basic switch status, which is a subset of the status and configuration information kept in the
database. This poll interval is set globally for all devices being managed by the EPICenter server, and
can be changed through the Server Properties settings in the Administration applet. See “Server
Properties Administration” in Chapter 16.
• The EPICenter server polls each device periodically for detailed status information. This is done
much less frequently than the basic status polling—by default, once every 30 minutes for core
(chassis) devices, and once every 90 minutes for edge devices. In EPICenter 4.1, the default is 90
minutes for both the core and edge devices. This poll interval can be set individually for devices
through the Modify Device interface in the Inventory applet (see the discussion “Modifying a
Device” on page 104).
• A user with Administrator or Manager access can use the Sync command from the Inventory
Manager. Sync is a manual update of the regular data gathering mechanisms, for use when the users
believes that the device configuration or status is not correctly reported in EPICenter applets. Sync
causes EPICenter to poll the switch and update all configuration and status information. During a
Sync operation the SmartTraps rules are also reset in case the user has accidentally deleted the trap
receiver or any SmartTrap rules.
88
EPICenter Software Installation and User Guide
Displaying the Network Device Inventory
Displaying the Network Device Inventory
When you click the Inventory button in the Navigation Toolbar, the main Inventory Manager page
appears as shown in Figure 19.
Figure 19: The Inventory Manager applet, main page
NOTE
You must add network devices to the database using Discovery or the Add Devices function in order to
make them “known” to EPICenter. Until this is done, no devices are displayed in the Inventory Manager.
The Device Groups currently defined in the EPICenter database are displayed in the Component Tree in
the left panel.
The panel on the right shows the All Device Groups page, a list of the currently defined device groups
with their descriptions.
The first time you run EPICenter, there is only one device group, Default. You cannot delete or change
the name of the Default device group.
Click on the plus sign to the left of a Device Group name to display the list of switches that are
members of that group.
A red circle with a white “S” next to a device indicates that the device is not reachable through SNMP.
A grey circle indicates the device is offline for maintenance. EPICenter does not attempt to
communicate with a device in the offline state.
EPICenter Software Installation and User Guide
89
Using the Inventory Manager
The buttons at the top of the page provide the following functions:
• Discover lets you find network devices by IP address or range of addresses.
• Add lets you add individual devices and device groups to the database.
• Delete removes a device or device group from the database.
• Modify lets you change the members of a device group, or update a device’s contact parameters in
the database.
• Sync updates the EPICenter database with current device configuration and status information.
• Default lets you create default access parameters for network devices.
• Find searches for devices by name, IP address, or device type, and returns information such as the
device group(s) to which the device belongs.
• Help displays an on-line help page for the Inventory Manager.
Viewing Device Status Information
When you select a device group in the Component Tree, the panel on the right displays a summary
status of the devices in the selected device group (see Figure 20).
Figure 20: Inventory Manager device group summary status
• The status “lights” show the status of each device as detected by EPICenter.
90
EPICenter Software Installation and User Guide
Viewing Device Status Information
Table 3: Inventory Manager Device Status Indicators
Status Light
Green
Yellow
Grey
Red
Device Status
Device is up and OK.
Device is responding, but reports an error condition such as a fan or power supply failure, or
excessive temperature.
Device is offline. EPICenter will not communicate with the device. You can create references
to the device for alarms, policy, groups, device groups, RMON thresholds, and so on. The
network state of the device, including port status, ESRP, configured VLANs, and STP is
preserved when the device comes online.
Device is not responding to EPICenter status queries. This may mean that the device is
down, that it is unreachable on the network, or that the SNMP parameters have changed and
EPICenter can no longer contact the switch.
• The name and type of the device are detected by EPICenter.
• The IP address, software version, SNMP version (version 1 or version 3), device login name, and
setting for SSH2 are also detected by the EPICenter discovery process.
If the switch was added using the Add command, the Inventory Manager shows the values
manually entered into the EPICenter database manually.
Select a switch in the Component Tree on the left to display detailed configuration and status
information, as shown in Figure 21. This display shows additional information that EPICenter has
gathered from the switch agent.
Figure 21: Inventory Manager device status information
The information displayed in Figure 21 is for an Extreme switch. The ExtremeWare software running in
the switch provides comprehensive status information through the Extreme MIB. Figure 22 show the
information displayed for a 3Com device—a subset of the information available for an Extreme device.
EPICenter Software Installation and User Guide
91
Using the Inventory Manager
Figure 22: Inventory Manager information for a 3Com device
Viewing Device Information from Pop-up Menus
You can select a device group or a device in the Component Tree, then right-click to display a pop-up
menu that contains the Modify, Delete, Sync, Take Offline, and Properties commands. All of the
commands—with the exception of the Properties command—perform the same functions as the buttons
at the top of the page, but with the appropriate device or device group displayed. The Properties
command displays the attributes for a specific device group or device and Network Login/802.1x
information. The device pop-up menu also contains the Alarms, Browse, EView, Statistics, Sync, Telnet,
and VLANs commands. All of these commands perform the same functions as the applets in the
Navigation Toolbar to the left of the page, but with the appropriate device displayed.
Modify
The Modify function lets you change the members of a device group, or update the contact parameters
for a device in the EPICenter database.
To view the Modify Device display for a selected device group or device:
• Right-click on the device group or device, then select Modify from the pop-up menu that appears.
This opens the Modify Devices and Device Group window. If you selected a device, the Modify Devices
page is displayed. If you selected a device group, the Modify Device Group page is displayed.
See “Modifying Devices and Device Groups” on page 104 for details on using this feature.
92
EPICenter Software Installation and User Guide
Viewing Device Status Information
Delete
The Delete function lets you delete devices and device groups from the EPICenter database.
To view the Delete display for a selected device group:
• Right-click on the device group, then select Delete from the pop-up menu that appears.
This opens the Delete Devices and Device Group window. The Delete Device Group window displays
the device group name and a description of the device, if available.
To view the Delete display for a selected device:
• Right-click on the device, then select Delete from the pop-up menu that appears.
The Inventory dialog box appears and prompts you to delete the selected device.
See “Deleting Devices and Device Groups from the Database” on page 109 for details on using this
feature.
Take Offline
The Take Offline function switches the device to an offline state. While offline, EPICenter does not
communicate with the device. EPICenter does not process traps or syslog messages received from a
device that is in the offline state. However, you can create references to the device for alarms, policies,
groups, RMON thresholds, and so on. You can also request an interactive telnet session with the device.
Once you bring the device online, the network state of the device is returned and information such as
port status, ESRP, VLAN configuration, STP, and so on is preserved.
To take a device offline:
• Right-click on the device, then select Take Offline from the pop-up menu that appears.
To return the device to the online state:
• Right-click on the device, then select Bring Online from the pop-up menu that appears.
Device
The Device functions lets you view the following information for a device:
• Alarms
• Browse
• EView
• Statistics
• Sync
• Telnet
• VLAN
Alarms. The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser
function to show the alarms for the selected device.
See Chapter 5 for details on using this feature.
EPICenter Software Installation and User Guide
93
Using the Inventory Manager
Browse. The Browse function runs the ExtremeWare Vista switch management interface for the
selected device.
Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista.
EView. The EView function runs the EPICenter ExtremeView applet and displays the device
front-panel image and device information for the selected device.
See Chapter 10 for details on using this feature.
Statistics. The Statistics function runs the EPICenter Real-Time Statistics applet and displays port
statistics for the selected device.
See Chapter 11 for details on using this feature.
Sync. The Sync function causes EPICenter to poll the switch and update all configuration and status
information.
See “Updating Device Information” on page 111 for details on using this feature.
Telnet. The Telnet function opens an EPICenter telnet window that is connected to the selected device.
See Chapter 7 for details on using this feature.
VLANs. The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently
known to the EPICenter database.
See Chapter 13 for details on using this feature.
Properties
The Properties function lets you view the attributes for a device group or a device.
To view the Properties display for all device groups:
• Right-click on the Device Groups component, then select Properties from the pop-up menu that
appears
The Device Groups Properties window appears and displays the number of device groups and the
names of the device groups that are known to EPICenter.
To view the Properties display for a selected device group:
• Right-click on the device group, then select Properties from the pop-up menu that appears
The Device Group Properties window appears and displays the attributes for the selected device group.
To view the Properties display for a selected device:
• Right-click on the device, then select Properties from the pop-up menu that appears
The Device Properties window appears and displays the attributes for the selected device.
See “Displaying Properties” on page 115 for details on using this feature.
94
EPICenter Software Installation and User Guide
Discovering Network Devices
Discovering Network Devices
EPICenter provides an automatic Discovery function that lets you discover network devices by IP
address.
To discover network devices, do the following:
1 Click the Discovery button at the top of the Inventory Manager main window.
The Discover Devices window, shown in Figure 23, is displayed.
Figure 23: Inventory Manager Device Discovery set up window
2 Click the appropriate boxes to select the types of devices you want to include in the discovery. You
can discover Extreme devices only, or all devices with MIB-2 compatible agents.
3 Specify the device address range you want to discover. You may specify the range in one of two
ways:
— As an IP Address with Wildcards (such as 10.203.10.* or 10.203.?.??)
Valid wildcard characters are *, ?, and
- (dash):
* acts as a wildcard for the entire octet (0-255).
? is a wildcard for a single digit (0-9).
- lets you specify a range for any octet. You can use this in more than one octet.
NOTE
You cannot combine the dash with another wildcard in the same octet.
EPICenter Software Installation and User Guide
95
Using the Inventory Manager
You can also use the IP Address with Wildcards field to specify a single IP address.
Examples:
— As an IP address Range (such as 10.203.10.20 to 10.203.10.45)
IP Address Specification
Addresses Generated
10.203.0.*
polls 10.203.0.0 through 10.203.0.255
10.203.?.??
polls 10.203.0.0 through 10.203.9.99
10.203.0.1? or 10.203.0.10-19
both specify the same range: 10.203.0.10 through 10.203.0.19
10.203.0-2.10-30
polls
10.203.0.10 through 10.203.0.30
10.203.1.10 through 10.203.1.30
10.203.2.10 through 10.203.2.30
NOTE
There are certain IP addresses that are reserved. You should not include these addresses in your
discovery.
•
•
•
•
Class A networks: 0 and 127 are reserved.
Class D networks: 224 - 239 are reserved for multicasting.
All addresses above 239 are reserved.
255 is reserved for broadcast datagrams for either the host or network portion of the IP address.
In addition, certain host addresses may be interpreted as broadcast addresses, depending on the
subnetting of your network.
IP addresses are processed prior to starting the discovery, and IP addresses that contain 255's in
the host portion are eliminated. This is based on the IP address as well as the subnet mask.
4 Specify (or verify) the Subnet Mask size as appropriate. The value in the Subnet Mask field is the
number of bits to be masked, starting from the high-order (left-hand) octet. The default subnet mask
of 24 will mask the three high-order octets.
5 Specify (or verify) the SNMP Read Community string so that EPICenter will be able to retrieve
information from any SNMP version 1 devices it discovers.
6 Select Enable SNMP V3 Discovery, if devices on your network use SNMP version 3.
7 Click the New button to add the range into the Device Discovery Criteria list.
8 Repeat steps 3 through 6 to specify any additional device addresses or ranges for the discovery.
9 If necessary, you can remove an address range from the Device Discovery Criteria list at any time
before you initiate the discovery by selecting the range and clicking the Remove button.
You can remove all address ranges using the Reset button at the bottom of the page.
10 Click the Discover button at the bottom of the window to initiate the discovery.
NOTE
If a discovery request is too large, your browser may not have sufficient memory resources available
to handle it. It is recommended that you break a large discovery task into multiple separate tasks.
A Discovery Results window is displayed as soon as the discovery process begins, as shown in
Figure 24. The panel at the bottom of the window shows the progress of the discovery and displays
96
EPICenter Software Installation and User Guide
Discovering Network Devices
status messages for each device it finds as it works through the set of IP addresses you have
specified.
Figure 24: Results of a discovery, with details visible
— Click the Hide Details button at the bottom of this window to hide the detail display.
— Click View Details to re-display the discovery details.
When the discovery has completed, the set of discovered devices is listed in the top panel of the
Discovery Results window.
NOTE
These devices are NOT automatically entered into the EPICenter database. You must explicitly
select and add devices to the database.
11 To add devices to the EPICenter database, select individual devices or a range of devices in the
Results list, and click the Add button at the bottom of the window.
NOTE
If you select multiple devices, make sure the devices you select have identical contact information.
As part of the Add process, you will be asked for a single password that will apply to all the selected
devices. If the password is specified incorrectly for any of these devices, the add will fail for those
devices.
12 A window appears where you must set additional device options such as a write community string,
the device group to which the devices should be added, a default device login, password, and if SSH
is used (see Figure 25). If there are Cisco devices among the set being added, you must also enter a
Cisco enable password.
Enter or make changes to any of these fields. These options will apply to the entire set of devices
you are adding.
EPICenter Software Installation and User Guide
97
Using the Inventory Manager
NOTE
Make sure the device passwords are correct for the selected devices. If you are adding multiple
devices in one operation, make sure the passwords you specify are correct for each device. A
device cannot be added if the password is not correct.
Figure 25: Setting default device options for discovered devices
13 Click the SNMP tab to configure SNMP settings (see Figure 26).
Figure 26: Setting SNMP default device options for discovered devices
14 Click OK to proceed with the Add process.
A message window (shown in Figure 27) appears to show you the progress of the Add command.
98
EPICenter Software Installation and User Guide
Discovering Network Devices
Figure 27: Message window showing Add Device progress
Devices are listed followed by a small purple rotating clock icon
progress.
while the add function is in
• When a device has been successfully added, the clock turns into a green checkbox
• If the device cannot be added, the clock turns into a red X in the checkbox
is displayed in red.
.
and the device name
The indicators just below the tree area of the window show the number of devices currently in each
state.
To see the messages related to an Add function (either successful or unsuccessful), select a device in the
list. The messages related to the device are displayed as lines under the device node, as shown in
Figure 28.
• Click the plus sign at the left of the device name to display server messages related to adding the
device.
• Click the minus sign at the left of the device to hide the server messages.
• The up and down arrow buttons let you move up and down the device tree, displaying the server
messages associated with each device.
• If you check the Errors Only box, the up and down arrow buttons will expand only devices that had
errors.
• The Collapse All button collapses all the device nodes, hiding all the server messages.
EPICenter Software Installation and User Guide
99
Using the Inventory Manager
Figure 28: Message window showing errors from the Add Device process
CAUTION
If you close the Discovery Results window without adding devices, the results for devices not already in
the EPICenter database are lost. You must perform a discovery again to regenerate information on
those devices.
After the Add has finished, the Discovery Results window is re-displayed. You can select more devices
and specify a different set of Inventory Device Options, and add those devices to the Inventory
Manager.
Adding Devices and Device Groups
Users with Administrator or Manager access can add devices to the EPICenter database, and create
Device Groups. If you have Monitor access only, you may not use this function.
Adding a Device
1 Click the Add button at the top of the Inventory Manager main window.
Select the appropriate tab to display the basic information in the Add Device window, as shown in
Figure 29.
100
EPICenter Software Installation and User Guide
Adding Devices and Device Groups
Figure 29: Add Device window in the Inventory Manager
2 Enter the device IP address that EPICenter uses to access the switch.
You may also enter a DNS-resolvable host name in place of the Switch IP address.
3 Enter the device login, contact password, and device poll interval in the appropriate fields. These are
the parameters that EPICenter uses to access the switch.
The default setting for the device poll interval is 30 minutes for an Extreme modular chassis and 90
minutes for an Extreme stackable chassis.
4 Enter the Cisco Enable Password is used if this device is a Cisco device. If the device is not a Cisco
device, this field is grey.
5 If EPICenter is going to use SSH2 for secure Telnet sessions, select SSH Enabled in the Use SSH
field. SSH2 must be configured on the device in order for an SSH2 session to be established between
EPICenter and the device.
6 Select the device group to which this device should belong. Default is the default group for managed
devices.
NOTE
To configure SSH2 on a device, the device must be running a version of the ExtremeWare software that
supports SSH2. For more information on configuring a device to use SSH2, see the ExtremeWare
Software Users Guide.
To configure SNMP information for the device, click the SNMP tab, as shown in Figure 30.
EPICenter Software Installation and User Guide
101
Using the Inventory Manager
Figure 30: SNMP tab for Add Device window
1 Select the SNMP version from the SNMP Version pull-down menu.
2 If the device is using SNMP version 1, enter the SNMP read and write community strings in the
appropriate fields.
3 If the device is using SNMP version 3, select the following:
SNMP V3 Privacy Protocol: Specifies the SNMP V3 privacy protocol. Select either No Privacy or
CBC DES Privacy.
SNMP V3 Privacy Password: If the device is using CBC DES Privacy, enter the privacy password.
SNMP V3 Authentication Protocol: Specifies the SNMP V3 authentication protocol. Select No
Authentication, MD5 Authentication, or SHA Authentication.
SNMP V3 Authentication Password: If the devices is using SNMP V3 Authentication, enter the
authentication password.
4 To clear the contents of the fields and reset them to their default values, click Reset.
5 To add the new device to the database, click Add.
When you click Add, the Inventory Manager adds the devices to the database. It makes a set of SNMP
requests to retrieve data that is needed from the devices by EPICenter applets. If the device is an
Extreme switch, it also creates a set of SmartTraps rules that tell the switch what status and
configuration changes are of interest to EPICenter.
Creating a Device Group
Device groups are sets of managed network devices that have something in common, and that can be
managed as a group. For example, devices might be grouped by physical location (Building 1, Building
102
EPICenter Software Installation and User Guide
Adding Devices and Device Groups
2, first floor, second floor), by department (engineering, marketing, finance), or by any other criteria that
makes sense within the managed network environment.
All devices become members of a device group when they are added to the EPICenter database, either
through Add Devices or as a part of the Discovery process. A device may then be copied or moved to
another device group as appropriate.
To create a new device group, follow these steps:
1 Click the Add button at the top of the Inventory Manager main window.
Select the appropriate tab to display the Device Groups window, as shown in Figure 31.
Figure 31: Add Device Group window in the Inventory Manager
2 Type a name for the device group into the Device Group Name field, and a description (optional)
into the Device Group Description field.
3 To add a device to the selected device group, perform one of the following steps:
a To move a device to the selected device group, select one or more devices in the Available
Devices list and click Move ->. The Move button removes the device from the original device
group and adds it to the new device group.
b To have the device belong to the original device group and the new device group, select one or
more devices in the Available Devices list and click Copy ->.
c
The same device can be moved from several groups to the new group. Select each row for the
device and click Move ->. The Device Group column in the included devices list shows the
Device Group from which the device originated.
EPICenter Software Installation and User Guide
103
Using the Inventory Manager
4 To remove a device from the new device group, select one or more devices in the Included Devices
list, and click <- Remove. The device(s) will be moved from the selected device group and return to
any device groups from which it was moved.
5 Repeat steps 3 and 4 until you have included all the devices that should be members of this device
group.
6 To add the newly created device group to the database, click the Add button at the bottom of the
window.
If you have added a device to more than one device group, the Available Devices list displays a
separate entry for each device group to which the device belongs, as shown in Figure 32.
Figure 32: Device belonging to multiple device groups in Add Device Groups window
Modifying Devices and Device Groups
You can use the Modify function to modify the access parameters for an individual device, or to add
and delete members of a device group. Users with Administrator or Manager access can modify device
contact information and device groups.
If you have Monitor access only, you cannot use this function.
Modifying a Device
You can begin the modify function using the Modify button on the toolbar, or by selecting a device in
the Component Tree, right-clicking to display the pop-up menu, and selecting Modify.
104
EPICenter Software Installation and User Guide
Modifying Devices and Device Groups
To modify the contact information for a managed device in the database, do the following:
1 Click the Modify button at the top of the Inventory Manager main page.
Select the appropriate tab to display the Modify Device window, as shown in Figure 33.
Figure 33: Devices tab of the Modify Devices and Device Groups window
2 To select a device from a specific device group, select the device group from the pull-down list in the
Filter by Device Group field. Select All Devices to view the list of all devices from all device
groups.
3 Select one or more devices in the Devices list for which you want to change contact information.
4 Enter the changed information in the appropriate fields of the Basic tab.
Device IP Address: The IP address of the selected device.
Device Login and Device Contact Password: The login and password needed in order to Telnet to
the device or to use ExtremeWare Vista.
Device Poll Interval: Specifies how frequently the EPICenter server should poll the for detailed
device information, such as software version, bootrom version, and so on. This also includes EDP
and ESRP information for non-”i” series devices. To avoid a potentially large amount of polling
traffic, this detailed polling is only done every 30 minutes for core (chassis) devices and 90 minutes
for edge devices. The default is 90 minutes for both the core and edge devices. You can change this
detailed polling interval by entering a different value in this field.
NOTE
Note that the Device Poll Interval set here is different from the global Poll Interval you can set in the
Administration applet. The global poll interval controls the basic status polling needed to ensure
SNMP reachability, and is typically done much more frequently than detailed device polling.
Cisco Enable Password: Used if this device is a Cisco device. If the device is not a Cisco device, this
field is grey.
EPICenter Software Installation and User Guide
105
Using the Inventory Manager
Use SSH: Selects if EPICenter is going to use SSH2 for secure Telnet sessions. SSH2 must be
configured on the device in order for an SSH2 session to be established between EPICenter and the
device.
NOTE
To configure SSH2 on a device, the device must be running a version of the ExtremeWare software
that supports SSH2. For more information on configuring a device to use SSH2, see the
ExtremeWare Software Users Guide.
Offline: Sets the device to the offline state. The device state can either be offline or online.
5 Enter the changed information in the appropriate fields of the SNMP tab, as shown in Figure 34.
Figure 34: SNMP tab of the Modify Devices and Device Groups window
SNMP Version: The version of SNMP (version 1 or version 3) that EPICenter uses to access the
device.
SNMP Read Community String and SNMP Write Community String: Can be modified if the
device is using SNMP version 1.
WARNING!
If you change the community string for a device so that it no longer matches the string configured in the
device, EPICenter will no longer be able to communicate with the device. For Extreme devices,
EPICenter will display an error message, but it will not necessarily do so for third-party devices. To
avoid this problem, change the community string on the device first, then change it in EPICenter.
SNMP V3 User Name: The principal name used for SNMP V3 authentication and security.
106
EPICenter Software Installation and User Guide
Modifying Devices and Device Groups
SNMP V3 Privacy Protocol: Specifies the SNMP V3 privacy protocol. Select either No Privacy or
CBC DES Privacy.
SNMP V3 Privacy Password: If the device is using CBC DES Privacy, enter the privacy password.
SNMP V3 Authentication Protocol: Specifies the SNMP V3 authentication protocol. Select No
Authentication, MD5 Authentication, or SHA Authentication.
SNMP V3 Authentication Password: If the devices is using SNMP V3 Authentication, enter the
authentication password.
6 Click Modify to add the changed information to the EPICenter database.
7 Click Close to cancel the Modify process.
8 Click Reset to reset the values to their defaults.
Modifying a Device Group
Devices are always a member of a device group; devices not explicitly assigned to another device group
are members of the Default device group. This has two effects related to modifying device groups:
• When devices are removed from all other device groups, they are automatically added to the Default
device group.
• Devices cannot be removed from the Default device group using the Remove button in the Modify
dialog. To remove a device from the default device group, you must move it to another device
group.
You can begin the modify function using the Modify button on the toolbar, or by selecting a device
group in the Component Tree, right-clicking to display the pop-up menu, and selecting Modify Device
Group.
To add or remove devices in a device group, do the following:
1 Click the Modify button at the top of the Inventory Manager main page.
Select the appropriate tab to display the Modify Device Group window, as shown in Figure 35.
EPICenter Software Installation and User Guide
107
Using the Inventory Manager
Figure 35: Device Groups tab of the Modify Devices and Device Groups window
2 Select the device group you want to modify. The Included Devices list displays the devices that are
currently members of this group. The Available Devices list displays the other devices known to
EPICenter, and their current device group membership.
3 To change the name or description of the group, type the new text into the Device Group Name and
Description fields.
4 To add a device to the selected device group, perform one of the following steps:
a To move a device to the selected device group, select one or more devices in the Available
Devices list and click Move ->. The Move button removes the device from the original device
group and adds it to the new device group.
b To have the device belong to the original device group and the device group being modified,
select one or more devices in the Available Devices list and click Copy ->.
5 To remove a device from the device group, select one or more devices in the Included Devices list,
and click <- Remove. The device(s) will be moved from the selected device group. If the selected
device group is the only group to which the device belongs, the device is returned to the Default
device group.
Because devices not otherwise assigned are members of the Default device group, you cannot
remove devices from the Default device group. Devices are removed from the Default device group
only when they are moved to another device group or deleted from inventory.
6 Repeat steps 4 and 5 until you have included all the devices that should be members of this device
group.
The Reset button will undo all your add and remove actions, and return both the Available Devices
and Included Devices lists to the state they were in when you started the Modify command.
7 To replace the modified device group in the database, click the Modify button at the bottom of the
window.
108
EPICenter Software Installation and User Guide
Deleting Devices and Device Groups from the Database
Deleting Devices and Device Groups from the Database
Users with Administrator or Manager access can delete devices and device groups from the EPICenter
database. If you have Monitor access only, you cannot access this function.
Deleting a Device
You can begin the delete function using the Delete button on the toolbar, or by selecting a device in the
Component Tree, right-clicking to display the pop-up menu, and selecting Delete Device.
To delete a device from the EPICenter database, follow these steps:
1 Click the Delete button at the top of the Inventory Manager main page.
Select the appropriate tab to display the Delete Devices window (see Figure 36).
Figure 36: Devices tab of the Delete Devices and Device Groups window
2 To select a device from a specific device group, select the device group from the pull-down list in the
Filter by Device Group field. Select All Devices to view the list of all devices from all device
groups.
3 Select one or more devices in the Devices list, and click Delete.
4 Click OK to confirm that you want to delete the device information from the database.
Deleting an online device removes the information about the device from the EPICenter database. This
means that the device can no longer be monitored and managed from the EPICenter application. If the
device is an Extreme switch, deleting it removes any SmartTraps rules, both from the database and the
switch change table. It also removes all information about VLANs, QoS Policy, and Virtual Chassis
connections associated with this switch from the EPICenter database.
EPICenter Software Installation and User Guide
109
Using the Inventory Manager
If the device is offline, the device is removed from inventory. The Smart Trap entries on the device are
not removed.
NOTE
Deleting a device from EPICenter has no effect on the configuration of the device itself, other than
altering the trap receiver table.
Deleting a Device Group
You can begin the delete function using the Delete button on the toolbar, or by selecting a device in the
Component Tree, right-clicking to display the pop-up menu, and selecting Delete Device Group.
To delete a device group from the EPICenter database, follow these steps:
1 Click the Delete button at the top of the Inventory Manager main page.
Select the appropriate tab to display the Delete Device Groups window (see Figure 37).
Figure 37: Device Groups tab of the Delete Devices and Device Groups window
2 Select one or more device groups in the Device Groups list, and click Delete.
3 Click OK to confirm that you want to delete the device group information from the database.
Devices in the deleted device group that are not members of another group are automatically returned
to the Default device group.
110
EPICenter Software Installation and User Guide
Updating Device Information
Updating Device Information
Occasionally, you may want to update the configuration and status information for one or more devices
in the EPICenter database. The Sync operation is a manual update you can use if you believe that the
device configuration is not correctly represented in EPICenter applets. It updates all information for a
selected set of devices, except for the contact information.
If you have Administrator or Manager access to EPICenter, you can perform a Sync. If you have
Monitor access only, you can not use this function.
You can begin the synchronize function using the Sync button on the toolbar, or by selecting a device or
device group in the Component Tree, right-clicking to display the pop-up menu, and selecting the Sync
command.
To refresh the configuration and status information, follow these steps:
1 Click Sync at the top of the Inventory Manager page.
The Synchronize Devices dialog, shown in Figure 38, is displayed, listing the devices in the
EPICenter database.
Figure 38: Synchronize Devices dialog
2 To select a device from a specific device group, select the device group from the pull-down list in the
Filter by Device Group field. Select All Devices to view the list of all devices from all device
groups.
3 Select one or more devices in the Device list.
4 Click Reset at any time prior to initiating the Sync to deselect all device selections and start over.
5 Click Sync to initiate the synchronization process.
The Inventory Manager uses SNMP to retrieve configuration and status information from each
selected switch, and updates the database with that information.
EPICenter Software Installation and User Guide
111
Using the Inventory Manager
6 The Sync function displays a dialog box with status or error information. Click OK to continue.
NOTE
Offline devices display a warning and are not synchronized.
Configuring Default Access Parameters
The Default button allows you to configure a set of default access parameters for network devices you
have not yet discovered. After you configure the default access parameters, the network devices you
discover and add to the EPICenter database will have these default parameters.
1 Click the Default button at the top of the Inventory Manager main window.
The Configure Defaults window, shown in Figure 39, is displayed.
Figure 39: Configure Defaults window, Basic tab
2 Enter or make changes to any of the Basic fields. These options will apply to future network devices
that you add to the EPICenter database.
Device Login and Device Contact Password: The login and password needed in order to Telnet to
the device or to use ExtremeWare Vista.
Cisco Enable Password: Used if this device is a Cisco device. If the device is not a Cisco device, this
field is grey.
Use SSH: Selects if EPICenter is going to use SSH2 for secure Telnet sessions. SSH2 must be
configured on the device in order for an SSH2 session to be established between EPICenter and the
device.
3 Click the SNMP tab to enter or make changes to any of the SNMP fields, as shown in Figure 40.
These options will apply to future network devices that you add to the EPICenter database.
112
EPICenter Software Installation and User Guide
Configuring Default Access Parameters
Figure 40: Configure Defaults window, SNMP tab
SNMP Read Community String and SNMP Write Community String: The SNMP community
strings for devices using SNMP version 1.
SNMP V3 User Name: The principal name used for SNMP V3 authentication and security.
SNMP V3 Privacy Protocol: Specifies the SNMP V3 privacy protocol. Select either No Privacy or
CBC DES Privacy.
SNMP V3 Privacy Password: If the device is using CBC DES Privacy, enter the privacy password.
SNMP V3 Authentication Protocol: Specifies the SNMP V3 authentication protocol. Select No
Authentication, MD5 Authentication, or SHA Authentication.
SNMP V3 Authentication Password: If the devices is using SNMP V3 Authentication, enter the
authentication password.
4 Click Reset to clear the contents of the fields and reset them to their default values.
5 Click Save to save your changes to the EPICenter database.
A message window (shown in Figure 41) appears to show you the progress of the Save command.
Figure 41: Message window showing Save progress
6 Click OK to return to the Configure Defaults window.
7 Click Close to exit the Configure Defaults window.
If you make changes to the access parameters and you do not save those changes, the Inventory
dialog box (shown in Figure 42) appears. From the Inventory dialog box, you can apply or not apply
the changes you made, or you can cancel out of the dialog box.
EPICenter Software Installation and User Guide
113
Using the Inventory Manager
Figure 42: Inventory dialog box
Finding Devices
You can search for a device in the EPICenter database by name, by IP address, or by type of device. This
may be useful if you have a large number of devices in your inventory.
To search for a device, follow these steps:
1 Click Find at the top of the Inventory Manager page.
The Find Devices dialog, shown in Figure 43, is displayed.
Figure 43: Find Devices dialog
2 Enter your search criteria:
You can search for devices by name or by IP address. You can limit the search to a specific device
group, or to a specific type of Extreme device. Search criteria can include:
— A device name. Click the Device Name button, and enter a complete or partial name in the
Search: field.
— An IP address. Click the IP Address button and enter a complete or partial IP address in the
Search: field. You can use the wild card characters * or ? in your search criteria.
* acts as a wildcard for an entire octet (0-255)
114
EPICenter Software Installation and User Guide
Displaying Properties
? is a wildcard for a single digit (0-9)
— A device group. Select the device group from the drop-down menu in the device group field. If
you do not specify a name or IP address in the Search field, all devices in the device group you
select will be found.
— A device type. Select the device type from the drop-down menu in the type field. If you do not
specify a name or IP address in the Search field, all devices of the type you select will be found.
3 Click Find to search for devices that meet the criteria you have specified. All devices found are listed
in the center panel. Information includes the device group in which the device can be found, its
name, IP address, and the type of device. There is one entry for each device or device group
combination.
4 Double-click on a device in the results table to highlight the device in the Component Tree, or select
a device in the results table and click OK, to display the associated status information for that device
(see “Viewing Device Status Information” on page 90). If you click OK, the search window will close.
5 Click New Search to clear all search criteria.
6 Click Cancel to close the search window.
Displaying Properties
You can view the properties of a device group or a device in the EPICenter database. This section
describes how to view the device group properties and the device properties.
All Device Group Properties
You can view summary information for all device groups, or view information about individual device
groups.
To view summary information for all device groups, right-click on the Device Groups component and
select Properties from the pop-up menu.
The Device Groups Properties window appears, showing the All Device Groups display (see Figure 44).
EPICenter Software Installation and User Guide
115
Using the Inventory Manager
Figure 44: Device Groups Properties for all Device Groups
The Device Groups Properties window displays the following information:
• Count—The number of device groups known to EPICenter
There is also a table which contains the following columns:
• Device Group—The name(s) of the device group(s) known to EPICenter
• Description—A description of each device group known to EPICenter
You can also view properties for a specific device group. To view properties for a specific device group,
right-click on a device group in the Component Tree and select Properties from the pop-up menu.
The Device Group Properties window appears, showing information about the selected group (see
Figure 45).
116
EPICenter Software Installation and User Guide
Displaying Properties
Figure 45: Device Group Properties for an individual device
The Device Group Properties window displays the following information:
• Device Group—The name of the device group
• Description—A description of the device group
• Count—The number of devices in the device group
There is also a table which contains the following columns:
• Device—The name of the devices that are members of this device group
• IP Address—The IP addresses of the devices that are members of this device group
Device Properties
To view properties for a device, right-click on a device in the Component Tree and select Properties
from the pop-up menu that appears.
The Device Properties window opens, as shown in Figure 46.
EPICenter Software Installation and User Guide
117
Using the Inventory Manager
Figure 46: Device Properties window
The Device Properties window has five tabs at the top of the window:
• Device
• VLAN
• STP
• Network Login/802.1x
• Syslog Messages
Each tab displays the name of the device and a status “light” which shows the status of the device as
detected by EPICenter.
The Device Tab
The Device tab displays information about the device such as its IP address, MAC address, and boot
time. The main section of the window presents the same information you can view in the Inventory
Manager for the device. If the device is an Extreme device, the ExtremeWare software running in the
switch provides comprehensive status information.
118
EPICenter Software Installation and User Guide
Displaying Properties
The VLAN Tab
The VLAN tab lists the VLANs configured on the device. This window shows the following
information about the VLANs on the device:
VLAN
VLAN name
Tag
VLAN tag
Protocol
Protocol filter for the VLAN
IP Address
IP address of the VLAN
Subnet Mask
Subnet Mask for the VLAN
QoS Profile
The QoS profile configured for this VLAN
ESRP
Whether ESRP is configured for this device.
The STP Tab
The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more
than one entry per STPD if the domain includes multiple VLANs.
STP
The STP Domain name
State
The domain state (Enabled or Disabled)
VLAN
The name of the VLAN participating in this domain
Tag
The 802.1Q tag of one of the wholly-contained VLANs in the domain.
Root
Indicates whether this device is currently the STP root bridge for this domain (Yes
or No).
No. of Ports
The number of ports on this bridge participating in this VLAN in this domain. Will
be N/A if the STP domain is disabled on this VLAN.
NOTE
A device must be running ExtremeWare 6.2.2 or later in order for EPICenter to access STP information
for the device. Devices running earlier versions of ExtremeWare may have STP configured, but
EPICenter will not be able to provide information about the configuration.
The Network Login/802.1x Tab
The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected
to the device.
Port
The port on the device on which the user is logged in.
User Name
The name of the user.
IP Address
The IP address of the user’s host.
Login Type
The login type, either network login or 802.1x.
MAC Address
The MAC address of the user’s host.
VLAN
The VLAN to which the port belongs.
EPICenter Software Installation and User Guide
119
Using the Inventory Manager
The Syslog Messages Tab
The Syslog Messages tab lists information about the last 500 Syslog Message received from the device.
Time
The time that the message was received.
Severity
The severity level of the message. Severity levels include the following:
• 0—Emergency
• 1—Alert
• 2—Critical
• 3—Error
• 4—Warning
• 5—Notice
• 6—Information
• 7—Debug
Facility
The Syslog facility reporting the message.
Message
The text of the message.
Syslog messages are stored along with traps in the event log. The EPICenter server keeps a minimum of
10days of event history. The event log can be a maximum of 30 MB per file and uses two rotating
archive files. If you want to retain historical even log records, you should backup the event log.
120
EPICenter Software Installation and User Guide
5
The EPICenter Alarm System
This chapter describes how to use the EPICenter Alarm System applet for:
• Viewing the alarms that have occurred
• Defining new alarms and modifying current alarm definitions
• Configuring threshold-based alarms
• Configuring EPICenter as a trap receiver
• Configuring EPICenter as a syslog receiver
Overview of the EPICenter Alarm System
The EPICenter Alarm System provides fault detection and alarm handling for the network devices
monitored by EPICenter. This includes Extreme Networks devices and some third-party devices—those
that EPICenter can include in its Inventory database. The Alarm System provides a set of predefined,
enabled alarms that will immediately report conditions such as authentication or login failures, device
problems such as power supply or fan failures, reachability problems, or device reboots.
The Alarm System also lets you define your own alarms that will report errors under conditions you
specify, such as repeated occurrences or exceeding threshold values. You can specify the actions that
should be taken when an alarm occurs, and you can enable and disable individual alarms.
Fault detection is based on Simple Network Management Protocol (SNMP) traps, syslog messages, and
some limited polling. The Alarm System supports SNMP Management Information Base-2 (MIB-2), the
Extreme Networks private MIB, Remote Monitoring (RMON) traps, and selected traps from other MIBs.
When an alarm occurs you can specify actions such as sending e-mail, running a program, running a
script, or sounding an audible alert.
For convenience, the EPICenter Alarm System provides a number of predefined alarms. These alarms
are enabled by default and are active as soon as the EPICenter server starts up. These include the
following alarms:
• Authentication failure (SNMP MIB-2 trap)
• Invalid login (Extreme proprietary trap)
• Redundant Power Supply (RPS) alarm condition (Extreme proprietary trap)
• ESRP state change (Extreme proprietary trap)
• SNMP unreachable (EPICenter event)
EPICenter Software Installation and User Guide
121
The EPICenter Alarm System
• Configuration upload failure for an upload attempted from the EPICenter system (EPICenter event)
• Overheat (EPICenter event)
• Fan failure (EPICenter event)
• Device reboot (EPICenter event)
• Health Check Failed (Extreme proprietary trap)
• Device Warning from EPICenter (EPICenter event)
• Power Supply Failed (EPICenter event)
NOTE
When Extreme Networks devices are added to the EPICenter Inventory database, they are
automatically configured to send traps to the EPICenter server. To receive traps from non-Extreme
Networks devices, you must manually configure the devices to send traps to the EPICenter server.
To receive syslog messages from an Extreme Networks device, EPICenter must be configured as a
syslog receiver on the device. See “Configuring EPICenter as a Syslog Receiver” on page 153 for more
information.
Not all trap events are supported in older versions of the ExtremeWare software. Please refer to
Appendix C for information on the switch software required for specific traps.
The Alarm Log Browser
Click the Alarm button in the Navigation Toolbar to run the Alarm System applet and view the Alarm
Log Browser. The Alarm button (icon) acts as an alarm indicator — if it is displayed in red instead of
black, it indicates that at least one new alarm has occurred.
122
EPICenter Software Installation and User Guide
The Alarm Log Browser
The Alarm Log Browser page appears, as shown in Figure 47.
Figure 47: The Alarm Log Browser page
Predefined filters
Alarm System module tabs
New alarm
indicator
Current filter definition
Alarm summary
Acknowledged
alarms
The Alarm Log Browser page displays a summary of the alarms that have occurred, optionally filtered
based on criteria you can specify. An alarm can be generated due to an SNMP or RMON trap, a syslog
message, or based on the results of a poll.
By default, the predefined alarms are all enabled; therefore, you may see alarm log entries the first time
you run the Alarm System, even if you have not defined any alarms of your own.
The Alarm Log Browser summary displays the following information for each alarm instance:
• ID — An integer number assigned by the EPICenter Alarm System based on the order in which the
alarm occurred
• Name — A name for the alarm, provided when the alarm is defined
• Category— An optional user-defined classification that defaults to “Default”
• Severity — The severity level associated with the alarm when it was defined
• Source — The IP address of the device that generated the trap or responded to a poll
• Time — The date and time at which the alarm was received
• Message — The message generated by the alarm
• Acked — A green check will be present in this column if the alarm has been acknowledged
EPICenter Software Installation and User Guide
123
The EPICenter Alarm System
The summary is initially sorted by ID in descending numerical order, so that the most recent alarm
appears at the top of the list.
You can sort the display by the contents of any column by clicking on the column heading. Click the
heading a second time to reverse the sort order based on that column.
Acknowledging an Alarm
To acknowledge an alarm:
1 Select the alarm or alarms you want to acknowledge.
2 Click the Acknowledge (Ack) button at the top of the page.
This sets the state of the selected alarms to “acknowledged,” and places a green check in the Acked
field of the selected alarm log entries.
When you acknowledge the most recent alarm, the state of the Alarm button in the EPICenter
Navigation Toolbar also returns to black.
You can “unacknowledge” alarms, if needed,
by selecting the alarms and clicking the Unack button.
The Ack or Unack operation may take a few seconds to update the database. When the update is
complete, the rows are deselected.
Deleting Alarm Log Entries
To delete an alarm log entry:
1 Select the alarm entry or entries you want to delete.
2 Click the Delete button at the top of the page.
This removes the selected alarm log entries entirely from the EPICenter database.
Deleting Groups of Log Entries
You can also delete groups of alarm log entries based on specific filtering criteria that you set, such as
all entries in a certain timeframe, all entries for selected devices, and so on.
To delete a group of alarm entries, click the Delete
alarms with specified conditions button at the top of the page.
The Delete alarm records with specified conditions window opens, as shown in Figure 48.
124
EPICenter Software Installation and User Guide
The Alarm Log Browser
Figure 48: Delete alarm records filter definition window
In this window you can define a filter — a set of conditions — to use to evaluate whether an alarm
record should be deleted. See “Deleting Groups of Log Entries” on page 124 for more detailed
information.
To create a delete filter, do the following:
1 If the “View last 300 alarms” check box is checked, the remaining fields will be greyed-out. Uncheck
the check box to enable the other fields.
2 Select the parameter you want to use as a filter criterion from the pull-down menu in the Field field.
3 Select an operator using the pull-down menu in the Operator field.
4 Enter the value (or values) against which the parameter should be tested. If you have chosen the
Between operator (available for Log ID, Source IP, and Port IfIndex) you will be asked to enter two
values. For some parameters you can select values from a drop-down list.
For a more detailed explanation of defining a filter condition. see “Filtering the Alarm Display” on
page 126.
5 Click the Add/Modify Condition button to add this specification to the filter definition.
You can create a multi-criteria specification using more than one parameter, as shown in Figure 48, as
long as each parameter is different. You cannot filter using multiple specifications of the same
parameter.
For example, in order to delete alarms for IP addresses 10.205.0.55 and 10.205.0.61, you must do this
in two operations.
6 To remove an individual criteria, select it in the current filter list and click the Remove Condition(s)
button. You can select and remove multiple filter criteria.
7 When your filter definition is complete, click Delete.
The alarm records that meet the conditions are deleted.
EPICenter Software Installation and User Guide
125
The EPICenter Alarm System
If you simply want to delete that last 300 alarms, leave the “View last 300 alarms” box checked, and
click Delete.
Viewing Alarm Details
To view the details of an individual alarm:
1 Select the alarm you want to view.
2 Click the Detail button at the top of the page,
or double-click on the alarm entry in the log.
The Alarm Log Detailed Views displayed, as shown in Figure 49.
Figure 49: Detailed view of an Alarm Log entry
This displays detailed information for the selected alarm.
From this window you can view details for other alarms:
• Enter or select an Alarm ID in the Go to alarm field.
• Click the Next button to view the next alarm down in the list (the next earlier alarm based on the
default sorting order).
• Click the Previous button to view the next alarm higher in the list (the next later alarm based on the
default sorting order).
Filtering the Alarm Display
The alarms you see in the Alarm Log browser are displayed based on a filtering criteria. The default
criteria is to display the last 300 alarms from the EPICenter database (assuming you invoked the Alarm
browser from EPICenter’s Navigation Toolbar). You can select other filters from the pull-down field at
the top of the alarm summary display. There are three predefined filters based on time: “7 days ago,”,
Last 24 hours,” and “Yesterday.”
126
EPICenter Software Installation and User Guide
The Alarm Log Browser
If you invoke the Alarm Browser from the Topology applet (using the pop-up menu for a specific node)
the default filter is set to filter on the Source IP of the node you selected.
You can create your own filters based on criteria such as Source IP, Severity, Alarm Name, LogID, and a
number of others. You filter can combine multiple criteria.
To specify your own filter, click the Filter button at the top of the page.
The Define Alarm Log Filter window is displayed, as shown in Figure 50.
Figure 50: Alarm Log filter definition window
The Define Alarm Log Filter window opens displaying either the last filter definition you created, or the
default filter (View last 300 alarms).
To create your own filter, do the following:
1 Click the New button to clear the previous filter definition. If, the View last 300 alarms check box is
checked, this will uncheck it and enable the other fields in the window.
2 Select the parameter you want to use as a filter criterion from the pull-down menu in the Field field.
3 Select an operator using the pull-down menu in the Operator field.
4 Enter the value (or values) against which the parameter should be tested.
The criteria you can specify are as follows:
• Log ID: An integer. You can test equality relationships (equal, not equal, greater than. less than,
greater than or equal, less than or equal) or for a range (Between). If you choose Between you are
asked to enter two values.
• Alarm Name: Text string. You can select an alarm name from the drop-down list in the Value
field, or enter a text string. You can test for an exact match or non-match, or a substring
(Contains). The Contains operator lets you match against a substring (portion of text) that should
be contained in the parameter value.
EPICenter Software Installation and User Guide
127
The EPICenter Alarm System
• Category: Text string. You can select a category from the drop-down list in the Value field, or
enter a text string. You can test for an exact match or non-match, or a substring (Contains).
• Severity: An alarm severity level. You must select a severity level from the drop-down list in the
Value field. You can test for an exact match or non-match.
• Source IP: IP address. Can test for exact match or non-match, or for a range (Between). If you
choose Between you are asked to enter two values. You cannot match on a subnet.
• PortIfIndex: An integer. Can test equality relationships (equal, not equal, greater than. less than,
greater than or equal, less than or equal) or for a range (Between). If you choose Between you are
asked to enter two values.
• Time: You must select a time period from the drop down list in the Value field. Criteria include
periods such as Last 1 Hour, Yesterday, 2 Days Ago, etc. The filter will match all alarms within
the time period.
• Acked: Tests for Yes (matches all Acknowledged alarms) or No (matches all unacknowledged
alarms).
5 Click the Add/Modify Condition button to add this specification to the filter definition.
You can create a multi-criteria specification using more than one parameter, as shown in Figure 48, as
long as each parameter is different. You cannot filter using multiple specifications of the same
parameter.
For example, in order to find and view alarms for IP addresses 10.205.0.55 and 10.205.0.61, you must
use the Between operator to test for all Source IP addresses between these two IP addresses. You
cannot create a filter that includes both Source IP = 10.205.0.55 and Source IP = 10.205.0.61.
6 To remove an individual criteria, select it in the current filter list and click the Remove Condition(s)
button. You can select and remove multiple filter criteria.
7 When your filter definition is complete, you can save it as a named filter, or you can just apply it to
the Alarm Log without saving it. To save it, click Save, and enter a name into the dialog box that
appears.
8 To apply the filter to the Alarm Log summary, click OK. This filters the display based on the criteria
you defined. You do not need to save the filter before you do this.
If you do not save the filter definition before you apply it to the Alarm Log, you can re-open the
Define Alarm Log Filter window and save it then. The filter definition will be retained in the Define
Alarm Log Filter window until you either crete another filter definition, or exit the Alarm System
applet.
To restore the default filter definition, click the View last 300 alarms check box and click OK.
Deleting Alarm Log Filters
You can delete any saved alarm log filters except for the default filter. To delete a filter, do the
following:
1 Click the Delete saved alarm log filters button.
This opens the Delete Filters window.
2 Select the filter you want to delete, and click OK.
128
EPICenter Software Installation and User Guide
Defining Alarms
Pausing All Alarms
You can temporarily stop the processing of all enabled alarms using the Pause/Resume feature.
Click Pause
paused.
to stop processing enabled alarms. EPICenter ignores all traps when its alarms are
To resume processing traps, click Resume
.
Defining Alarms
For convenience, the EPICenter Alarm System provides a number of predefined alarms. These alarms
are all enabled by default and are active as soon as the EPICenter server starts up. The predefined
alarms generate alarm log entries upon occurrence, but no other actions are specified.
You can modify the predefined alarms, or define additional alarms based on a fairly large number of
events.
To view the current alarm definitions, to create new definitions, or to modify existing definitions, click
the Alarm Definition tab at the top of the page. The Alarm System: Alarm Definition page is displayed,
as shown in Figure 51.
Figure 51: Alarm System: Alarm Definition page
To view the settings for an individual alarm, select the alarm. Its definition appears in the fields below
the alarm list. For a definition of the fields in the top portion of the alarm definition, see the section
“The Basic Alarm Properties” on page 130.
EPICenter Software Installation and User Guide
129
The EPICenter Alarm System
Alarm Actions — An alarm action is a function that the alarm system executes when an alarm occurs, in
addition to logging the occurrence of the alarm. By default the predefined alarms have no actions
defined for them (other than logging). Alarm actions can include sending e-mail, sounding an audible
alert, running a program or executing a script. For the predefined alarms, an alarm event will create an
entry in the Alarm Log, but no other actions will occur. You can define additional actions for any of
these alarms.
Alarm Scope — Alarm scope defines which devices can trigger an alarm. The predefined alarms are
scoped by default for all devices and ports. Thus, a trap received from any port or any device will
trigger the corresponding alarm. You can modify the scope of any of these alarms.
Creating a New Alarm Definition
To create a new alarm, click the Add button at the top of the page.
The New Alarm Definition window appears, as shown in Figure 52, and displays the Basic page of the
three-page alarm definition.
Figure 52: The New Alarm Definition window, Basic definition
There are three parts to an alarm definition: the Basic definition, the Scope definition, and the Action
definition. Each is represented on its own page in the New Alarm Definition window.
Use the tabs at the top of the window to move between the three pages. When you are finished with
your alarm definition, click OK, and the alarm will be entered into the Alarm Definition List.
The Basic Alarm Properties
On the Basic page, you define the event-related parameters of the alarm: its name, severity, the event
that will trigger it, and so on. The fields in this window are defined as follows:
• Name — The name of the alarm as it will appear in the alarm log and (optionally) elsewhere. This
defines the variable alarmName
• Enabled — Indicates whether the alarm is “turned on” or not. If you uncheck this box, the alarm
will remain defined but will not be operational
130
EPICenter Software Installation and User Guide
Defining Alarms
• Category — The category assigned to this alarm. Select the category using the pull-down menu at
the end of the field (see the section “Creating a New Alarm Category” on page 138 for more
information). This defines the variable alarmCategory.
• Severity — The severity of the alarm. Select one of the five severity levels from the pull-down menu
(normal, warning, minor, major, critical). This defines the variable alarmSeverity. The severity level
also determines the sound that will be played as an audible alert.
• Event Type — The type of event (SNMP trap, RMON Trap Rising Alarm, RMON Trap Falling
Alarm, EPICenter, or Syslog message). This determines the list of events you can select in the Event
Name field.
An EPICenter event is generated by EPICenter based on the results of its periodic polling. In some
cases, a condition that causes an EPICenter event may also generate an SNMP or other trap. Creating
an alarm triggered by an EPICenter event guarantees that the condition will eventually be detected
by polling even if the corresponding trap is missed.
See Appendix Efor a description of the EPICenter and SNMP events supported by the EPICenter
Alarm System.
Certain SNMP events require configuration on the switch in order to enable specific trap conditions.
RMON events (including Port utilization, temperature, or STP topology change events) and events
based on CPU utilization, are defined through the Threshold Configuration page of the EPICenter
Alarm System. RMON event rules can be configured only on switches running ExtremeWare 6.1 or
later. CPU Utilization rules can only be configured on switches running ExtremeWare 6.2 or later.
To receive Syslog messages, the Syslog receiver function of EPICenter must be enabled, and remote
logging must be enabled with EPICenter configured as a Syslog receiver on the devices from which
you want to receive Syslog messages. See “Configuring EPICenter as a Syslog Receiver” on page 153
for more information. Syslog messages received from devices not managed by EPICenter are
ignored.
For certain other events, you must do the configuration on the switch using an SNMP configuration
tool such as SNMPc. See “Configuring Other SNMP Trap Events” on page 152 for more information.
The event type is concatenated with the event name to define the variable eventTypeName.
• Event Name — The specific event (trap) that should trigger this alarm. Select the event from the
pull-down list provided. For RMON Rising or RMON Falling trap types, the RMON rule name is
used as the event name. The full-down list includes the configured RMON rule names. See
Appendix E for a description of the EPICenter and SNMP events from which you can choose.
The event name is concatenated with the event type to define the variable eventTypeName.
• Pattern Matching on Event Data — You can specify that the alarm should be triggered only if the
data provided with the event matches a specific pattern. If you leave this unchecked, the default is
“Don’t Care.” Pattern matching is done on the contents of the eventData variable.
The pattern matching syntax uses regular expressions. You can use “*” or “%” (asterisk or percent) to
match any sequence of zero or more characters. “?” or “_” (question mark or underscore) can be
used to match any one character.
To match one of a set of characters, enclose the characters in brackets. For example, [abcd] will match
one of a, b, c, or d.
• Message — A message you specify that will be transmitted whenever the alarm occurs. By default,
this field contains the variable eventTypeName. You can delete this variable, add other variables as
provided in the variable pop-up list, and add your own text. For Syslog messages, use the eventData
variable to display the Syslog message.
• Variables... — A pop-up list that provides a list of variables you can select to include in the Message
field. See Table 4 for a definition of the Alarm System variables you can use in the message field.
EPICenter Software Installation and User Guide
131
The EPICenter Alarm System
• Repetitive occurrence specification (If event happens... ) — The required number of repeated
occurrences of the event that must occur before an alarm is generated. You can specify both the
number of times the event must occur, and the time frame within which these events must occur.
This lets you define alarms that will filter out short-lived or non-repeatable events, and will only
take action if the triggering event occurs repeatedly within a sufficiently short time frame.
Table 4: EPICenter Alarm Variables
Variable Name
Description
alarmID
An integer number assigned by the EPICenter Alarm System based on the order in
which the alarm occurred
alarmName
The name of the alarm as defined in the Name field
alarmCategory
The user-defined alarm category assigned to the alarm
alarmSeverity
The severity level assigned to the alarm
alarmRepeatTimes
The number of times the event must occur before an alarm is generated
alarmRepeatPeriod
The time frame within which the repeated events must occur for the alarm to be
generated
alarmSourceDeviceName
The name of the device on which the event(s) occurred (taken from the EPICenter
database)
alarmSourceIP
The IP address of the device on which the event(s) occurred
alarmSourceIfIndex
The interface on the device on which the event(s) occurred
alarmGMTTime
The time at which the alarm occurred, in Greenwich Mean Time
alarmLocalTime
The time at which the alarm occurred, in local time
alarmMessage
The message defined for the alarm (for use by an external program executed as an
alarm action)
alarmActions
The list of actions defined for the alarm
eventLogID
The ID of the event in EPICenter’s event log
eventTypeName
The type of event (SNMP Trap, RMON Rising Trap, RMON Falling Trap, or
EPICenter event) concatenated with the Event Name (the SNMP trap name, RMON
rule name, or EPICenter event name).
eventGenericType
The SNMP Generic Type number of the trap
eventSpecificType
The SNMP Specific Type number for an enterprise-specific trap
eventSpecificTypeStr
The event description
eventEnterprise
The Enterprise portion of the Object ID (OID) of the event
eventData
The data associated with the trap, or the Syslog message content
The Alarm Scope
To define a scope for the alarm, click the Scope tab. The Scope definition page is displayed, as shown in
Figure 53.
132
EPICenter Software Installation and User Guide
Defining Alarms
Figure 53: The New Alarm Definition window, Scope definition
In this window you define the scope of the alarm—the set of devices that can trigger the alarm. You can
define the scope as a set of individual devices, one or more device groups, as a set of individual ports,
or as one or more port groups.
To define the alarm scope, you select a Source Type (and Device Group, if appropriate), select individual
devices, ports, device groups, or port groups, and add them to the Selections list. The scope can contain
a combination of source types.
The fields and buttons in this window are defined as follows:
• Scope on all devices and ports — When this is checked, an event received from any device or
device port will trigger the alarm. In addition, as new devices are added to the EPICenter inventory
database, those devices and ports will also be included in the device scope.
Uncheck the checkbox to enable scoping by specific devices, device groups, ports or port groups.
• Source Type — The source of the scoping definition (Device, Device Group, Port, or Port Group).
Select the type you want from the pull-down list.
Selecting Device Group or Port Group will scope the alarm on all members of the selected group.
Group membership is evaluated every time a trap is received. Therefore, changes to the group
membership (adding or removing devices or ports) will have an immediate effect on alarm
processing.
To scope the alarm on individual devices or ports, select Device or Port.
For events that originate from a device port (such as link down) the scope will determine whether
the alarm is generated based on an event from a single port, or on events from any port on a device,
or from any port on any device in a device group.
For example, if you want to define an alarm that is fired for any port on device A, you can scope the
alarm as “Device,” select the appropriate device group, and select Device A. If you want to define
the alarm only to be fired on selected ports on Device A, then you would scope the alarm as “Port,”
select Device A, and then select the individual ports. You could also define a port group for the
specific ports of interest, the scope the alarm as Port Group and select the appropriate group.
• Select Group — If you select Device or Port as the Source Type, you must select a Device Group to
indicate what set of devices (and ports) you want to see in the Source List.
EPICenter Software Installation and User Guide
133
The EPICenter Alarm System
• Source list (Device/Device Group/Port Group) — The list of components of the specified type. The
field label changes based on the Source Type. It is labeled Device when you select either Device or
Port as the Source Type.
• ifIndex — The list of ports available on the device selected in the Devices Source list. This list
appears only if you have selected Port as the Source Type. Select a device from the Device list, and
the appropriate set of ports for the device appears.
• Selection — The devices, ports, device groups, or port groups that are currently included in the
scope.
• Add-> — Adds the selected Device(s), Port(s), Device Groups or Port Groups to the Selections list,
for inclusion in the scope of this alarm.
• Add All-> — Adds all the components in the Source list to the Selection list.
• <-Remove — Removes the selected components from the Selection list.
• <-Remove All — Removes all the components from the Selection list.
The Alarm Actions
To define actions for the alarm, click the Actions tab. The Action definition page is displayed, as shown
in Figure 54.
Figure 54: The New Alarm Definition window, Action definition
In this window you define the actions for the alarm—the functions that should be performed when the
alarm occurs. You can have the alarm perform any or all of the actions defined here.
The fields and buttons in this window are defined as follows:
• Sound Alert — Click the check box to have the alarm system play an audible alert on the client
computer when the alarm occurs. The alarm will sound on all EPICenter clients currently connected
to the EPICenter server. The sound that is played will depend on the severity level of the alarm.
The alert sound files are kept on the EPICenter server in the directory
<epicenter_installdir>\extreme, and are named according to the severity level they represent
(normal.wav, warning.wav and so on). <epicenter_installdir> is the directory where EPICenter
134
EPICenter Software Installation and User Guide
Defining Alarms
is installed, by default epc4_1 in the Windows operating environment, or /opt/extreme/epc4_1 on
a Solaris system.
• Email to — Click this check box to indicate that e-mail should be sent, then enter the e-mail
address(es) of the recipients for the e-mail. E-mail addresses in a list can be separated by commas,
semicolons, or spaces.
Full email provides the alarm number, alarm name, source IP address and ifIndex, severity and
message in the subject header. In the body of the email it provides the alarm time, alarm name,
alarm category, severity, source IP address and ifIndex, alarm message, the event name that triggered
the alarm, the result of the alarm action, and a URL link to the EPICenter server.
• Short email to — Click this check box to indicate that a short e-mail (appropriate for text paging)
should be sent. Then enter the e-mail address(es) of the recipients for the e-mail. E-mail addresses in
a list can be separated by commas, semicolons, or spaces.
Short email provides the alarm number in the subject header, and the alarm name, source IP address
and ifIndex, severity, and alarm message in the body of the email.
For example, a short email might contain the following information:
Subject: Alarm #4017
Body: link down, 10.255.59.150, ifIndex 17, Normal, SNMP Trap Link Down
If this email format is still too long, you can write a customized email message by writing a script
using the ::extr::sendMail command. See “Writing Tcl Scripts for Alarm Actions” on page 155 for
more information.
NOTE
If this box is greyed out, you must first configure your e-mail settings. See “Setting Up E-mail for the
Alarm System” on page 136 for details.
• Forward Trap to: Click this checkbox to forward the trap event that caused this alarm. Specify the
forwarding instructions in the fields to the right of the check box as follows:
— Host: Enter the host name or host IP address of the system to which the trap should be
forwarded.
— Port: Enter the port on which the specified host receives traps.
— Community String: Enter the community string for the specified host.
NOTE
If you are using SNMP version 3 and a trap is sent by an SNMP version 3-enabled device, it is
forwarded as an SNMP version 2 trap using this community string.
• Run program: Click the check box to have the Alarm System run a program when this alarm occurs.
Enter the command string for the program you want to run. You can include Alarm System variables
as arguments by clicking the Variables... button and selecting the variables you want. See Table 4 on
page 132 for a definition of the Alarm System variables you can use in the message field.
NOTE
On a WIndows 2000 or Windows XP system, if you are running the EPICenter server as a service,
and if you want to run a program that does output to the desktop, you must specify that output to the
desktop is allowed when you start the server service. Otherwise, the program will not run. See the
Alarm System section in Appendix A for instructions on restarting the EPICenter server service with
EPICenter Software Installation and User Guide
135
The EPICenter Alarm System
this option enabled. If you are running the EPICenter server as a regular program, this is not a
problem.
NOTE
If you want to specify a batch file that does output to the desktop, you must specify the “.bat” file
within a DOS “cmd” command, as follows:
cmd /c start <file.bat>
where <file.bat> is the batch file you want to run.
• Execute script: Click the check box to have the Alarm System execute a Tcl script when this alarm
occurs. Enter the script commands into the window provided.
You can write your own scripts that access selected EPICenter database variables. See “Writing Tcl
Scripts for Alarm Actions” on page 155 for more information.
Setting Up E-mail for the Alarm System
Before you can use the e-mail action, you must configure the e-mail capability. Until you do so, the
Email To field and check box will not be available. To configure the e-mail capability, do the following:
1 Click the Settings... button on the Action page.
This displays the Email Settings window, as shown in Figure 55.
Figure 55: Setting up E-mail for EPICenter alarm actions
2 Enter your outgoing mail server name (or IP address) into the SMTP Host: field.
3 Enter into the Sent By: field the e-mail address that should be used as the sender of the e-mail.
4 If your mail server authenticates the user before sending out e-mail, check the My server requires
authentication check box, and enter the user name and password of an account that the SMTP
server will accept. Usually this will be the account you use to log into your network.
If you don’t know whether your server requires authentication, you can go ahead and enter the
authentication information—it will be ignored if it is not actually needed.
Alarm Definition Examples
Example 1: Define an alarm that will page “Joe” at “[email protected]” if port 10 on device
“switch8” goes down.
1 Bring up the New Alarm Definition dialog. On the Basic page, do the following:
a Type a name for the alarm (for example, WAN Link Down) in the Name field.
b Make sure the Enabled checkbox is checked.
136
EPICenter Software Installation and User Guide
Defining Alarms
c
Select a category (e.g. “Default”) in the Category field.
d Select “SNMP Trap” in the Event Type field.
e Select “Link Down” in the Event Name field.
2 Click the Scope tab, and do the following:
a Uncheck the All devices and ports checkbox.
b Select “Port” in the Source Type field.
c
Select “switch8” from the Device list.
d Select “10” from the ifIndex list.
e Click the Add button to add port 10 to the Selection list.
3 Click the Action tab, and do the following:
a Click the Short email to: check box to turn on the check.
b Type [email protected] in the text field next to the checkbox.
4 Click OK to finish the alarm definition.
Example 2: Define an alarm that will page “Joe” at “[email protected]” if any port on device
“switch8” goes down.
1 Bring up the New Alarm Definition dialog. Fill in the fields on the Basic page just as you did in
Example 1.
2 Under the Scope tab, do the following:
a Uncheck the All devices and ports checkbox.
b Select “Device” in the Source Type field, instead of “Port.”
c
Select “switch8” from the Device list as in Example 1.
d Click the Add button to add switch8 to the Selection list. No ifIndex list will be displayed.
3 Click the Action tab, and enter Joe’s paging information as you did in Example 1.
4 Click OK to finish the alarm definition.
Example 3: In a Windows NT environment (where both the EPICenter server and client are running
under Windows), define an alarm that will pop up a message on the Windows client system “joe” if the
port utilization on port 10 on device “switch8” exceeds 15 percent.
This alarm requires an RMON rule with a Rising Threshold of 15 percent for port utilization. You can
define the RMON rule either before or after you define the alarm. See “RMON Rule Configuration
Example” on page 150for an example of how to create the RMON rule.
To create the alarm definition:
1 Bring up the New Alarm Definition dialog. On the Basic page, fill in the Name and Category fields,
and check the Enabled checkbox, just as you did in Example 1.
a Select “RMON Rising Trap” in the Event Type field.
b Enter the RMON rule name in the Event Name field:
If you have already created the RMON rule, you can select it from the pull-down menu in the
Event Name field. For example, if you named the rule “WAN Link 15%”, that name should
appear in the pull-down menu.
If you have not yet created the RMON rule, type in a name for the rule (for example, “WAN Link
15%”). You will need to use this name for the rule when you create it.
EPICenter Software Installation and User Guide
137
The EPICenter Alarm System
See “RMON Rule Configuration Example” on page 150 for an example of how to create the
RMON rule.
2 Click the Scope tab, and enter the port information as you did in Example 1:
a Uncheck the All devices and ports checkbox.
b Select “Port” in the Source Type field.
c
Select “switch8” from the Device list.
d Select “10” from the ifIndex list.
e Click the Add button to add port 10 to the Selection list.
3 Click the Action tab, and do the following:
a Click the Run Program checkbox to turn on the check.
b Type net send joe "$alarmName" in the text field next to the checkbox.
4 This program is only available on the Windows platform.Click OK to finish the alarm definition.
Modifying Alarm Definitions
To modify an alarm, select the alarm in the Alarm Definition
List, and click the Modify button at the top of the page.
The Modify Alarm Definition window is displayed. This window, and its Basic, Scope and Action
pages, are identical to the New Alarm Definition window, except that the current information for the
alarm you selected is filled in.
To modify the alarm, make any changes you want, then click OK. For definitions of the various fields,
see the section “Creating a New Alarm Definition” on page 130.
Deleting Alarm Definitions
To delete an alarm definition, select the alarm in the Alarm
Definition List, and click the Delete button at the top of the page.
After you verify that you want to delete the alarm, the definition is removed from the Alarm Definition
List and from EPICenter’s database. You must remove alarm definitions one at a time.
Alarm Categories
Alarm categories are arbitrary collections of alarms that you can define as appropriate to your needs,
and then assign to specific alarm definitions. For example, you might use categories to designate alarms
from individual buildings, floors, or workgroups. An ISP might define categories for alarms from a
specific customer’s equipment.
By default, all alarms are assigned to the category named Default. This category can be renamed, but it
cannot be deleted.
Creating a New Alarm Category
To create a new alarm category, click the Add button at the top of the window.
138
EPICenter Software Installation and User Guide
Threshold Configuration
A small pop-up window appears into which you can enter the name of the new category. Click OK to
enter the new category into the Category List.
Modifying an Alarm Category
To rename an alarm category, click the Modify button at the top of the window.
A small pop-up window appears and displays the current name of the category. Modify the name and
click OK to enter the revised category into the Category List.
When an alarm category is renamed, all alarms assigned to that category are updated to use the new
category name.
Deleting an Alarm Category
To delete an alarm category, select the category from the Category
List, then click the Delete button at the top of the window.
WARNING!
Deleting a category also deletes all the alarm definitions that are assigned to that category. If you do
not want to delete those alarm definitions, you must first modify the alarm definitions to use a different
alarm category before you delete the category.
A warning message appears to let confirm that you want to delete the category and the alarm
definitions that are assigned to it. Click OK to delete the category and the alarms from the EPICenter
database.
The Default category cannot be deleted.
Threshold Configuration
The Threshold Configuration page lets you define the conditions or rules that will cause certain trap
events to occur, and specify the devices on which these rules should be configured. You can use this
page to define thresholds for RMON utilization or CPU utilization. You can configure RMON threshold
traps for a wide range of variables, but several (specifically port utilization, temperature, and STP
topology change) have been partially predefined to make the rule definition process easier.
In these types of events, traps are generated based on comparing the value of the relevant sample
variable with a threshold value. The rules you set up specify the threshold values. Once these rules are
in place, you can use them in your EPICenter alarm definitions to create alarms that will take actions
when a trap is received for a sample value that crosses one of the thresholds you’ve defined.
There are other SNMP traps supported by the EPICenter Alarm System, but not included in the
threshold configuration function, that may require conditions to be set on the switch to define when a
trap should occur. See “Configuring Other SNMP Trap Events” on page 152for additional information.
In addition to specifying the conditions under which trap events should be generated, you also use this
page to define the target devices on which the event rules should be configured.
EPICenter Software Installation and User Guide
139
The EPICenter Alarm System
NOTE
Creating the rules that control trap (event) generation is only the first of the two steps required to create
EPICenter alarms for these events. Even though you have set up these rules, the trap events generated
as a result will be ignored by the Alarm System until you define alarms that take actions on those
events. See “Defining Alarms” on page 129 for more information.
To view the current threshold configuration rules, and to create new rules or modify existing rules, click
the Threshold Configuration tab at the top of the page. The Alarm System Configuration page is
displayed. Figure 56 shows the Alarm System Configuration page as it appears when displaying RMON
rules for a device.
Figure 56: The Threshold Configuration window showing RMON rules
The Configurations tree shows the existing RMON rule definitions as nodes in the tree, with the devices
to which they are applied shown as subnodes. The main panel shows the definition for the selected rule
on each target device.
CPU Utilization is a predefined node in the Configurations tree. Devices on which a CPU utilization
rule is configured are shown as subnodes of the CPU Utilization node. There can be only one CPU
utilization rule per device.
Click the small plus next to a rule node to display in the tree the devices associated with that rule.
To display the definition of a rule, click the rule node.
140
EPICenter Software Installation and User Guide
Threshold Configuration
RMON Rule Display
For RMON rules, the display shows the following for each device targeted by that rule:
• Device: The name of the device
• Variable: The MIB variable being monitored
• Sample Type: Absolute or Delta
• Sample Interval: The time between samples, in seconds.
• Rising Threshold: A threshold value that will trigger an event when the value of the variable
increments past this value.
• Falling Threshold: A threshold value that will trigger an event when the value of the variable
decreases past this value.
• Startup: The condition that will cause the initial event (Rising, Falling, or RisingOrFalling).
• Index: the device index as obtained by the EPICenter server from the device.
For a detailed definition of these parameters, see “Configuring an RMON Rule” on page 143.
CPU Utilization Rule Display
To display the CPU Utilization rules, click the CPU Utilization node in the Configurations tree.
Figure 57 shows the Alarm System Configuration page as it appears when displaying CPU
Configuration rules for a selected device.
Figure 57: The Threshold Configuration window showing CPU Configuration rules
EPICenter Software Installation and User Guide
141
The EPICenter Alarm System
For each device targeted by that rule, the CPU Utilization rule display shows the following:
• Device: The name of the device
• Variable: The MIB variable being monitored (always extremeCpuUtilRisingThreshold.0)
• Rising Threshold: A threshold value that will trigger an event when the CPU Utilization value (a
percentage) increments past this value.
This value is also used to calculate a Falling Threshold value, which is to be 90% of the Rising
Threshold value.
For a detailed definition of these parameters, see “Rule Configuration for the Predefined RMON Event
Types” on page 148.
Creating an Event Rule
To create a new event rule, click the Add button at the top of the page.
The New Configuration window is displayed, as shown in Figure 58.
Figure 58: New Configuration window for an RMON Rule
There are two parts to an event rule; the rule configuration itself, and the association of the rule to its
target devices.
The New Configuration window comes up with the Configuration page displayed.
In the Configuration Type field, select the type of rule you want to create (RMON Event, CPU
Utilization, Port Utilization, Temperature, or Topology change) from the drop-down list.
NOTE
CPU Utilization is only supported on switches running ExtremeWare 6.2 or later. STP Topology change
traps are only supported on switches running ExtremeWare 6.2.2 or later.
When you finish entering the configuration and target information, click the Apply button, and the new
rule is added to the Configurations tree. For RMON rules, the rule name is included as a “folder” and
142
EPICenter Software Installation and User Guide
Threshold Configuration
each target device for the rule appears as a separate component under that rule. The rule name will also
appear in the Event Name list.
For CPU Utilization rules, each target device for a CPU utilization rule appears as a separate component
under the CPU Utilization “folder” in the Configurations tree.
Configuring an RMON Rule
If you select RMON Event as the Configuration Type, the fields and buttons in this window are defined
as follows:
• Name: The name for this rule.
• MIB Variable: The MIB variable that the rule will monitor.
Type in the complete OID, or click the Look Up... button to bring up a list of variables that are
available, organized by MIB groups, as shown in Figure 59.
Figure 59: A list of MIB variables available for use in RMON rules
Click on a variable group to display the individual variables within the group. You can use the up
and down arrow keys to scroll the list.
You can also type the beginning of a variable name into the MIB Variable field, then type a space,
and the Alarm System will attempt to match your typing to the variable list and auto-complete your
entry.
MIB variables that apply to the entire device will have the suffix “.0” appended to them to create the
complete OID. MIB variables that apply per port will be combined with the port ifIndex to generate
the OID.
NOTE
The MIB variable list displays only the MIBs that were shipped with the EPICenter software. It does
not display table variables in tables indexed by an index other than (or in addition to) ifIndex.
EPICenter Software Installation and User Guide
143
The EPICenter Alarm System
If the MIB variable you want to monitor does not appear in the MIB Variable lookup list, you can
still use the variable by typing its complete OID into the MIB Variable field. Enter the OID in its
numeric form, ending in .0 if it is a per device variable, or in the specific index if it is a per-port
variable. If it is a table variable, you may need to enter each index and apply it to each target device
one by one.
• Description: The description of the MIB variable. This description should specify the units of
measure for the variable, needed in order to correctly specify the Rising Threshold and Falling
Threshold values.
• Rising Threshold: A threshold value that will trigger an event when the value of the variable
increments past this value. An event will be generated when the sample value meets the following
conditions:
— When the sample value becomes greater than or equal to the Rising Threshold for the first time
after the alarm is enabled, if the Startup Alarm condition is set to Rising or RisingOrFalling
— The first time the sample value becomes greater than or equal to the Rising Threshold, after
having become less than or equal to the Falling Threshold
• Falling Threshold: A threshold value that will trigger an event when the value of the variable
decreases past this value. An event will be generated when the sample value meets the following
conditions:
— When the sample value becomes less than or equal to the Falling Threshold for the first time after
the alarm is enabled, if the Startup Alarm condition is set to Falling or RisingOrFalling
— The first time the sample value becomes less than or equal to the Falling Threshold, after having
become greater than or equal to the Rising Threshold
• Sample Type: The method used to compare the variable to the threshold. Specify the type as follows:
— Absolute to use the actual sample value of the variable
— Delta to calculate the difference between the current sample value and the previous sample value
of the variable, and use the difference in the comparison
• Sample Interval (seconds): The interval, in seconds, over which the data is sampled and compared
to the rising and falling thresholds.
• Startup Alarm: The condition that should be met to cause the initial occurrence of this event. Select
from the following:
— Rising: an event will be generated the first time the sample value becomes greater than or equal
to the Rising Threshold value. No events will be generated related to the Falling threshold until
after this has occurred.
— Falling: an event will be generated the first time the sample value becomes less than or equal to
the Falling Threshold value. No events will be generated related to the Rising threshold until
after this has occurred.
— RisingOrFalling: an event will be generated the first time the sample value becomes either
greater than or equal to the Rising Threshold value, or less than or equal to the Falling Threshold
value.
It is important to understand that, except for the initial occurrence of the alarm, an RMON alarm event
will be generated only the when the sample value of the variable crosses one of the thresholds for the
first time after having crossed the other threshold.
144
EPICenter Software Installation and User Guide
Threshold Configuration
NOTE
To configure an alarm using an RMON threshold event, select RMON Rising or RMON Falling as the
Event Type.
The following diagram, shown in Figure 60, shows how alarms are generated for an RMON rule using
Delta values, where the startup alarm condition is set to “Rising” or “RisingOrFalling.”
Figure 60: RMON Alarm event generation
Sampled
variable
value
Initial
sample
value
B
Rising
threshold
Falling
threshold
A
E
C
D
Time (sample intervals)
= alarm event generated
XM_022
Because the initial sample value of the variable is greater than the value of the Rising threshold, an
RMON rising threshold trap is generated. A second trap occurs at the next sample interval (point A)
because the sample variable value is now less than the Falling Threshold. At point B the value again
passes the Rising Threshold, and another trap event is generated. However, no trap occurs at point C,
even though the value of the variable again becomes greater than the Rising Threshold, because the
value has not yet become less than the Falling threshold. Another Rising threshold trap event cannot
occur until after a Falling threshold alarm has occurred, as happens at point D.
Note that in order to have any of these trap events cause an alarm in the EPICenter Alarm System, you
need to define an alarm that responds to a RMON Rising Threshold or RMON Falling Threshold event.
• If you define an alarm based on the RMON Rising Threshold event, then EPICenter alarms will
occur at the initial sample, and at points B and E. Because the alarm is defined to respond to RMON
Rising Threshold events, the falling threshold trap events that occur at points A and D do not trigger
an EPICenter alarm.
• If you also define an alarm based on an RMON Falling Threshold event, then EPICenter alarms
would also be generated at points A and D.
For a more detailed discussion of Remote Network Monitoring alarm behavior, refer to a book such as
SNMP, SNMPv2, SNMPv3, and RMON 1 and 2, Third Edition, by William Stallings (Addison-Wesley,
1999).
EPICenter Software Installation and User Guide
145
The EPICenter Alarm System
Configuring a CPU Utilization Rule
NOTE
CPU Utilization is only supported on switches running ExtremeWare 6.2 or later.
If you select CPU Utilization, only the Rising Threshold field allows input, as shown in Figure 61. The
other fields and buttons in this window are predefined.
Figure 61: New Configuration window for a CPU Utilization Rule
The fields displayed are defined as follows:
• Rule Name— For CPU Utilization, the name is predefined because there can only be one rule of this
type on a device.
• Rising Threshold— A threshold value, in percent, that will trigger an event when the CPU
utilization rises past this value. This value is also used to compute a falling threshold, which is
defined as 80% of the rising threshold.
• Description: The description of the extremeCpuUtilRisingThreshold MIB variable.
The other parameters that you can set when you configure an RMON event, are predefined in the
Extreme switch agent for a CPU Utilization event. These are:
• MIB Variable: The MIB variable is predefined to be extremeCpuUtilRisingThreshold.0.
• Falling Threshold: This is predefined as 80% of the rising threshold
• Sample Interval: The sample interval for a CPU Utilization alarm is also predefined, and is set to 3
seconds
• Sample Type: The sample value (a percentage) is always an absolute value
• Startup Alarm: The Startup condition is predefined to be Rising
NOTE
To define an alarm for a CPU Utilization threshold event, select SNMP Trap as the Event Type, then
select CPU Utilization Rising Threshold or CPU Utilization Falling Threshold as the Event Name.
146
EPICenter Software Installation and User Guide
Threshold Configuration
If you define an alarm for a CPU Utilization Rising Threshold event, an alarm will be generated each
time the sample value meets the following conditions:
— When the sample value becomes greater than or equal to the Rising Threshold for the first time
(including the initial sample) after the alarm is enabled.
— The first time the sample value becomes greater than or equal to the Rising Threshold, after
having become less than or equal to the Falling Threshold (80% of the Rising threshold).
If you define an alarm for CPU Utilization Falling Threshold events, an event will be generated each
time the sample value meets the following conditions:
— The first time the sample value becomes less than or equal to 80% of the Rising Threshold, after
having become greater than or equal to the Rising Threshold.
It is important to understand that, except for the initial occurrence of a Rising Threshold alarm, a CPU
Utilization alarm will be generated only the when the sample value of the variable crosses the target
threshold for the first time after having crossed the other threshold.
The diagram shown in Figure 62 illustrates how CPU Utilization trap events will occur once you have
configured a CPU Utilization rising threshold. The startup condition for a CPU Utilization event is
always predefined to be Rising.
Figure 62: CPU Utilization event generation
Sampled
CPU
utilization
value
Initial
sample
value
B
C
A
Rising
threshold
Falling
threshold
(90% of
rising)
Z
X
Y
Time (sample intervals)
= alarm event generated
XM_023
The first CPU Utilization trap occurs at the initial sample value, since the value is above the CPU
Utilization Rising threshold. If the initial value were below the Rising threshold, no event would occur.
The second event occurs at point X, because the sample value has fallen below the falling threshold,
which is defined as 80% of the rising threshold value. The third event occurs at point A because the
sample value is again above the Rising Threshold after having fallen below the Falling threshold. At
point B the value again passes the Rising Threshold, but no alarm is generated because the value has
not yet become less than the Falling threshold. Another Rising threshold alarm cannot occur until after
a Falling threshold event has occurred, which happens at point Y. The next Rising threshold event
happens at point C.
EPICenter Software Installation and User Guide
147
The EPICenter Alarm System
Note that in order to have any of these events cause an alarm in the EPICenter Alarm System, you need
to define an alarm that responds to a CPU Utilization Rising Threshold or CPU Utilization Falling
Threshold event.
• If you define an alarm based on the CPU Utilization Rising Threshold event, an EPICenter alarm will
occur at the initial sample, and at points A and C. Because the alarm was defined to respond to CPU
Utilization Rising Threshold events, the falling threshold trap events that occur at points X and Y do
not trigger an EPICenter alarm.
• If you also define an alarm based on a CPU Utilization Falling Threshold event, then EPICenter
alarms would be generated at points X and Y.
Rule Configuration for the Predefined RMON Event Types
The Port Utilization, Temperature and Topology Change configuration types are actually RMON
utilization rules with a predefined configuration interface. The New Configuration window is the same
(see Figure 61), except that you must provide a name for the rule.
NOTE
STP Topology change traps are only supported on switches running ExtremeWare 6.2.2 or later.
The fields in this window are defined as follows:
• Rule Name: The name for this rule. For these events, this is user-defined.
• Rising Threshold: A threshold value that will trigger a trap event when the value of relevant
variable rises past this value. The thresholds are specified based on the configuration type as follows:
— Port Utilization — A threshold value, in 100ths of a percent, that will trigger an event when the
port utilization rises past this value.
— Temperature — A threshold value, in degrees celsius, that will trigger an Overheat event when
the temperature rises past this value.
— Topology Change — An integer threshold value that will trigger a topology change event when
the total number of topology changes seen by this device since the management entity was last
reset or initialized, rises past this value.
For these rules, like a CPU utilization rule, the falling threshold is automatically defined based on
the value of the rising threshold. The falling threshold is set to be 90% of the rising threshold value.
• Description: The description of the relevant MIB variable for the selected rule type.
The other parameters that you can set when you configure an RMON event, are predefined in the
Extreme switch agent for these three events. These are:
• MIB Variable: The MIB variable is predefined to be one of the following:
— For Port utilization: extremeRtStatsUtilization.0
— For Temperature: extremeCurrentTemperature.0
— For Topology Change: dot1dStpTopChanges.0
• Falling Threshold: This is predefined as 90% of the rising threshold.
• Startup Alarm: The Startup condition is predefined to be Rising or falling.
• Sample Interval: The sample interval is also predefined, and is set to 15 seconds.
• Sample Type: The sample value is an absolute value.
148
EPICenter Software Installation and User Guide
Threshold Configuration
NOTE
To define an alarm using one of these predefined threshold events, select RMON Trap Rising Alarm or
RMON Trap Falling Alarm as the Event Type in the Alarm Definition window.
Configuring the Rule Target
Click the Target tab to display the New Configuration Target page, as shown in Figure 63.
This page lets you specify which devices should be configured to generate the event you have defined.
Figure 63: RMON target selection window
The fields and buttons in this window are defined as follows:
• Source Type: The source of the RMON rule targets (Devices, Device Groups, Ports, or Port Groups).
Select the type you want from the pull-down list. The choices you have are determined by the
variable you selected for the rule. For example, if the variable you have selected to monitor is
applied per port, you will be able to select by Port or Port Group.
• Source List (Device/Device Group/Port Group): The list of components (devices or groups) of the
specified type. The field label changes based on the Source Type. It is labeled Device when you
select either Device or Ports (a second Port field is provided for port selection).
Note that when you leave your cursor on a device for a moment, a pop-up displays the IP address of
the device.
• Source List (Port): The list of ports available on the device selected in the Devices Source list. This
list appears only if you’ve selected Ports as the Source Type. Select a device from the Device list, and
the appropriate set of ports for the device appears.
• Selection: The devices, ports, device groups, or port groups that are currently targets for the RMON
rule.
• Add->: Adds the selected Device(s), Port(s), Device Groups or Port Groups to the Selections list, for
inclusion as a target for this rule.
• Add All->: Adds all the components in the Source list to the Selection list
• <-Remove: Removes the selected components from the Selection list.
EPICenter Software Installation and User Guide
149
The EPICenter Alarm System
• <-Remove All: Removes all the components from the Selection list.
RMON Rule Configuration Example
Example: Create an RMON rule that will cause an RMON Rising Trap when port utilization on port 10
of device “switch8” exceeds 15%.
1 Bring up the New Configuration dialog. On the Configuration page, do the following:
a Type a name for the rule in the Name field (for example, “WAN Link 15%”).
If you have already created an alarm definition that will use this rule, make sure the name
matches the name you entered in the alarm definition.
b Click the Look up... button to display the Select MIB Variable dialog.
c
Expand the Extreme folder, select the extremeRtStatsUtilization variable, and click OK to
enter it into the MIB Variable field.
d Type “1500” in the Rising Threshold field. Note that for this variable the value must be in
hundredths of a percent.
e Type a smaller value, for example “1450” in the Falling Threshold field.
f
Leave the Sample Type as “Absolute” and the Sample Interval at the default value (15).
g Select Rising for the Startup Alarm field.
2 Click the Target tab and do the following:
a Select Port as the Source Type
b Select “switch8” from the Device list
c
Select 10 from the ifIndex list
d Click Add to add the port to the Selection list
3 Click the Apply button to configure the rule on device switch8.
A message window will appear with the device configuration results.
4 Verify that no switch configuration errors have been reported, and click OK to dismiss the window.
5 Click Close to dismiss the New Configuration dialog.
Modifying a Rule
Once a set of RMON rules have been created, they must be modified individually. To modify a RMON
rule do the following:
1 Select the rule folder or the individual rule name in the Configurations tree to display the rule
details in the main panel of the window.
2 Select the individual rule you want to modify
3 Click the Modify button at the top of the page.
The Modify Configuration window is displayed for the target you selected.
150
EPICenter Software Installation and User Guide
Threshold Configuration
Figure 64: Modify Configuration window for RMON rules
The window shows the same information as the Configuration page of the New Configuration window,
but with the information for the current target filled in.
See “Configuring an RMON Rule” on page 143 for a definition of the fields on this page. This window
is displayed for all existing RMON rules, including the three predefined rules (Temperature, Port
Utilization, and Topology Change). For CPU Utilization rules, only three fields are shown, and only the
Rising Threshold field can be changed.
Note that if you change the name of this rule, the new rule will be added as a “folder” in the
Configurations tree, and this specific rule target will be moved under the new rule.
Deleting a Rule
To delete an RMON or CPU Utilization rule, do the following:
1 Select the rule folder or the individual rule name in the Configurations tree to display the rule
details in the main panel of the window.
2 Select the individual rule or rules you want to delete
3 Click the Delete button at the top of the window.
4 When the warning asking you to confirm that you want to delete is displayed, click Yes to delete the
rule(s) or No to cancel the action.
When you delete a rule, the alarm definition that references the rule is not deleted.
Resynchronizing the RMON Rules
To resynchronize EPICenter’s database with the RMON rules in place on a switch, do the following:
1 Click the Sync button at the top of the window.
The Synchronize RMON Rules window is displayed, as shown in Figure 65.
EPICenter Software Installation and User Guide
151
The EPICenter Alarm System
Figure 65: The Synchronize RMON Rules window
You can resynchronize individual devices or all devices in a device group.
2 To select a device group, select Device Group from the pull-down list in the Source Type field. A list
of device groups will be displayed.
To select individual devices, select Devices in the Source Type field. A list is displayed showing all
the Extreme Networks devices managed by EPICenter.
3 To add a device or device group to the Selection list, select the device or device group and click
Add ->. To add all devices or device groups in the list, click Add All ->.
4 To remove a device or device group from Selection list, select the item and click <- Remove. To
remove all devices or device groups, click <- Remove All.
5 Click Synchronize to initiate the synchronization process.
The Alarm Manager uses SNMP to retrieve configuration and status information from each selected
switch, and updates the database with that information.
6 The Synchronize function displays a dialog box with status or error information. Click OK to
continue.
7 Click Close to exit the Synchronize RMON Rules window.
Configuring Other SNMP Trap Events
There are a number of SNMP events that require configuration on the switch before they can be used in
EPICenter alarm definitions. If the configuration is not done on the switch, no trap events are generated,
and no EPICenter alarms for those events can occur. The Ping and OSPF traps fall into this category.
To configure the switch to send one of these traps, you must use a tool that allows you to set the value
of the appropriate SNMP variable. Tools such as SNMPc can be used to perform this function. The
following information assumes that you have a thorough understanding of SNMP and an appropriate
SNMP utility.
Refer to the appropriate MIBs for details of the variable settings:
• Ping MIB: pingmib.mib (RFC 2925)
• OSPF v2 MIB: RFC 1850 or RFC 1850t
152
EPICenter Software Installation and User Guide
Configuring EPICenter as a Syslog Receiver
Configuring EPICenter as a Syslog Receiver
To receive Syslog messages, the Syslog receiver function of EPICenter must be enabled, and remote
logging must be enabled with EPICenter configured as a Syslog receiver on the devices from which you
want to receive Syslog messages.
The Syslog server function within EPICenter can be enabled through the Administration applet. See
“Devices Properties” in Chapter 16 for more information.
On the device side, remote logging must be enabled, and the switch must be configured to log to the
EPICenter server. The default on Extreme Networks switches is for logging to be disabled. You must use
the EPICenter Telnet applet or the ExtremeWare CLI to configure your switches. To enable remote
logging on a switch, enter the ExtremeWare command:
enable syslog
To configure the EPICenter server as a Syslog server, enter the ExtremeWare command:
config syslog <EPICenter IP address> <facility>
You must enter the IP address of the EPICenter server, and a facility level, which can be local0 through
local7. See the ExtremeWare Software User Guide or the ExtremeWare Software Command Reference Guide
for more information on these commands.
To configure remote logging on multiple devices, you can run these commands as a macro in the
EPICenter Telnet module.
You can also include a severity in the config syslog command, which will filter log messages before
they are sent to the EPICenter Syslog server. The EPICenter Syslog server will in turn filter the incoming
messages based on the severity you set using the Accept SysLog messages with Min Severity property
setting in the Administration applet.
Setting EPICenter as a Trap Receiver
When Extreme devices are added to the EPICenter inventory, they are automatically configured to send
traps to the EPICenter server. However, third-party devices are not automatically configured to do so.
If you want alarms to function for third-party devices, you must manually configure the devices to send
traps to the EPICenter server.
The information required to set up EPICenter as a trap receiver is the following:
• The IP address of the system where the EPICenter server is running.
• The EPICenter server trap port. By default this is 10550. (This is set in the properties file
extreme.properties, found in the <epicenter_installdir>/extreme subdirectory).
EPICenter Software Installation and User Guide
153
The EPICenter Alarm System
• The EPICenter server community string. This is a string in the form:
ST.<value of IP address>.<value of trap port>
The value of the IP address is the decimal equivalent of the hex value of the IP address.
For example, if the IP address of the EPICenter server is 10.0.4.1, you would calculate the decimal
equivalent by doing the following:
a Convert each quad of the IP address to its hex equivalent:
Decimal
10
0
4
1
Hex
a
00
04
01
b Convert the hex value a000401 into a decimal value, in this case 167773185
c
Put the three components together to form the community string:
ST.167773185.10550
You can find and verify the value of the community string by using Telnet to log into an Extreme
Networks device that is being managed by EPICenter, and using the ExtremeWare CLI command
show management to display the list of trap receivers configured for that device. The EPICenter
server, and its community string, should be included in this list.
To receive RMON traps, you need to ensure that RMON is enabled on the device. For Extreme devices,
you can do this through the ExtremeWare CLI with the command enable rmon.
Log Archive
The EPICenter server stores a minimum of 10 days of event log history and a minimum of 10 days of
alarm log history in the server database. Excess data from the event log and alarm log are archived to
files. The event log archive is made up of two 30MB rotating archive files and includes all traps and
Syslog messages. The event log is stored in a file called event_log.txt and the archive file is called
event_log.old.
The alarm log archive is made up of two 6 MB rotating files and includes all alarms associated with
traps and Syslog messages. The alarm log is stored in a file called alarm_log.txt and the archive file is
called alarm_log.old.
Archiving is performed once every 24 hours. If you need to store additional historical data beyond the
two 30 MB file limit for events and the 6 MB file limit for alarms, you can periodically make backup
copies of the archive files to a separate location. Refer to Appendix F, “EPICenter Backup” for more
information about alarm log backups.
154
EPICenter Software Installation and User Guide
Writing Tcl Scripts for Alarm Actions
Writing Tcl Scripts for Alarm Actions
An EPICenter alarm can call a Tcl function as an alarm action. This Tcl function can be a user-defined
Tcl script that is executed in the EPICenter server.
There is an example script in the <epicenter_install_dir>/user/alarms directory called
example.tcl that you can use as a guide to writing a Tcl function for an alarm action.
You can access the EPICenter alarm variables for use in your script, as demonstrated in the example
script. These variables are defined in Table 4 on page 132.
The Tcl Scripting Environment
The scripting environment for alarm actions is a fully operational Tcl environment. In this environment,
a Tcl action script can save states across multiple alarms using global variables, access alarm instance
data, access event log data, and access other EPICenter server-side data. In order to protect the
EPICenter server from malicious or erroneous alarm action scripts, the alarm script execution
environment uses the “safe interpreter” ability of the Tcl system.
The safe interpreter is a slave of the main EPICenter server-side Tcl interpreter (master interpreter). The
functions of the safe interpreter are restricted so that it cannot do harm to the overall EPICenter server.
A safe interpreter creates a private “sandbox” in which the alarm action scripts executes. The master
interpreter hides certain functions from the scripts inside the sandbox. The master interpreter performs
some other functions on behalf of the slave interpreter. By performing functions for the slave, the master
has a chance to check to see if the slave’s request is valid. If not, the master rejects the slave’s request.
The following table summarizes the Tcl commands that are deemed dangerous for use by a Tcl alarm
action script. Some of these commands are removed entirely from the Alarm Tcl environment. Others
are aliases so that the master interpreter can intercept the command call to provide restricted operations.
Table 5: Command Restrictions in EPICenter Tcl Safe Interpreter
Tcl
Command
Hidden
in Safe
Interp
Explicit
Hide by
EPICenter
Alias in
Master
Description
cd
✔
file
✔
pwd
✔
Not allowed
exec
✔
Not allowed
glob
✔
✔
Full functions
socket
✔
✔
No server-side socket, client socket is opened in async mode;
the opened client socket is placed in nonblocking mode using
the default buffer size; the number of open socket is restricted
exit
✔
Not allowed
load
✔
Not allowed
source
✔
EPICenter Software Installation and User Guide
Not allowed
✔
✔
Only allow: attime, attributes (read-only), dirname, executable,
exists, extension, isdirectory, isfile, join, lstat, mtime,
nativename, owned, pathtype, readable, readlink, rootname,
size, split, stat, tail, type, volume, writable
Only from standard $tcl_library and user/alarm
directory, and subdirectories
155
The EPICenter Alarm System
Table 5: Command Restrictions in EPICenter Tcl Safe Interpreter (continued)
fconfigure
✔
✔
All channels are non-blocking by default, cannot set channel to
blocking; cannot set channel buffer size
open
✔
✔
Can only open file in user/alarm and its subdirectories; file
is opened in nonblocking mode using the default buffer size;
number of open file is restricted
vwait
✔
encoding
✔
not Allowed
✔
after
puts
✔
Cannot change system encoding scheme
✔
Cannot do “after ms”, which does not respond to events
✔
puts data to stdout
The following table outlines the EPICenter server side commands that available in the slave interpreter
through aliases.
EPICenter
Command
Alias in
Master
extr::query
✔
Description
Retrieve server-side data from the database. Syntax:
extr::query {} ?-raw? sql ?arg arg ...?
{}
The first argument must be {}. Using {} signals the command to retrieves
data from the EEM server, in which the alarm action scripts are executing.
-raw
(Optional) If specified, the result of the query is returned unparsed as a
string containing the data in the XML format.
sql
The sql query
arg ... Arguments to the sql query for variable substitution
extr::sendMail
✔
Sends e-mail through the EPICenter server. Syntax:
extr::sendMail toList from subject body ?smtpHost? ?login?
?password?
toList
A list of recipient’s email addresses
from
The email address of the sender
subject
body
The subject of the email
The text of the email
smtpHost (Optional) The host ip address of the SMTP host. If not specified, use the
default as defined in the alarm system.
login
(Optional) The login name to the SMTP host
password (Optional) The password to the SMTP host
extr::postEvent
✔
Log an event to the server’s event log. The event time is logged. Syntax:
extr::postEvent message
message - the message of the event
156
EPICenter Software Installation and User Guide
6
Configuration Manager
This chapter describes how to use the EPICenter Configuration Manager applet for:
• Uploading configuration settings from one or more devices to EPICenter, on demand or at a
predefined (scheduled) time.
• Downloading configuration settings from EPICenter to a device.
• Downloading an incremental configuration to one or more devices.
• Downloading a new ExtremeWare image to one or more devices.
• Downloading a BootROM image to one or more devices.
• Downloading a new ExtremeWare image to one or more Extreme modules.
• Downloading a BootROM image to one or more Extreme modules.
• Specifying an ExtremeWare software image as the “recommended” image. The Configuration
Manager will compare the image currently running in a switch to determine if the switch is running
the recommended or most current image.
• Performing a live software update by retrieving the latest ExtremeWare software images from
Extreme Networks.
• Specifying and configuring the TFTP server to be used for uploading and downloading configuration
settings and software images.
• Searching for a specific device or group of devices.
• Displaying device and device group parameters
• Multi-step upgrade.
Overview of the Configuration Manager
The EPICenter Configuration Manager applet provides a graphical interface for uploading and
downloading files to and from managed devices. The Configuration Manager also provides a
framework for storing the configuration files, to allow tracking of multiple versions. Configuration file
uploads can be performed on demand, or can be scheduled to occur at regular times—once a day or
once a week. The Configuration Manager supports Extreme Networks and Cisco devices.
To start the Configuration Manager applet, click the Config button in the EPICenter Navigation Toolbar.
The Configuration Manager applet appears (see Figure 66).
EPICenter Software Installation and User Guide
157
Configuration Manager
When the applet initially appears, it shows the status of the device group(s) defined in EPICenter. Click
a device group name in the Component Tree to display the summary status for the devices in the group,
as shown in Figure 66.
Figure 66: Configuration Manager showing summary device status
This display shows a summary of the upload and download activity for each managed device, as
follows:
• Status—The status of the most recent configuration activity. A green check
indicates that the
activity was successful. A red X
means that the activity (upload or download) did not complete
successfully.
• Name—The device name.
• S/w Version—The version of the ExtremeWare software that is currently running in the device.
• BootROM—The version of the bootROM currently running in the device.
• Next Scheduled Upload—The date and time for the next Archival upload, if one is scheduled.
• Last Activity—The last activity (upload or download of a configuration file, software image, or
BootROM) that has taken place through the EPICenter Configuration Manager for this device.
• Last Activity Schedule—The date and time that the activity occurred.
• Last Activity FilePath—The name and path of the configuration file or image file that was involved
in the last activity.
You can display the upload and download status of the configuration information, software, and
BootROM by clicking on an individual device in the Component Tree in the left-hand panel of the
window. This displays a status window for the device similar to the one shown in Figure 67.
158
EPICenter Software Installation and User Guide
Overview of the Configuration Manager
Figure 67: Configuration and Software status for an individual device
The device status window displays the following information:
• The success status, timestamp, and file name and location for configuration uploads and downloads.
If archiving is scheduled, it also displays the time of the next scheduled archive.
• The success status, timestamp, and versions for software downloads, as well as version information
for both the primary and secondary software stores.
• BootROM version information (at the bottom of the scrollable window, not visible in Figure 67).
Viewing Device Information from Pop-up Menus
You can select a device group or a device in the Component Tree, then right-click to display a pop-up
menu that contains the Upload, Archive, Download, Increment, Upgrade, Devices, and Properties
commands. All of the commands—with the exception of the Properties command—perform the same
functions as the buttons at the top of the page, but with the appropriate device or device group
displayed. The Properties command displays the attributes for a specific device group or device. The
device pop-up menu also contains the Alarms, Browse, EView, Statistics, Sync, Telnet, and VLANs
commands. All of these commands perform the same functions as the applets in the Navigation Toolbar
to the left of the page, but with the appropriate device displayed.
Upload
The Upload function lets you upload configuration information from one or more devices to EPICenter.
To view the Upload Configuration display for a selected device group or device:
• Right-click on the device group or device, then select Upload from the pop-up menu that appears or
click Upload from the Tool Bar.
EPICenter Software Installation and User Guide
159
Configuration Manager
This opens the Upload Configuration from Devices window.
See “Uploading Configurations from Devices” on page 163 for details on using this feature.
Archive
The Archive function lets you schedule device configuration archive uploads.
To view the Archive display for a selected device group or device:
• Right-click on the device group or device, then select Archive from the pop-up menu that appears or
click Archive from the Tool Bar.
This opens the Schedule Upload window. Select the appropriate tab to display the Device Schedule
window or the Global Schedule window.
See “Archiving Configuration Settings” on page 165 for details on using this feature.
Download
The Download function lets you manually update device configuration and status information.
To view the Download display for a selected device group or device:
• Right-click on the device group or device, then select Download from the pop-up menu that appears
or click Download from the Tool Bar.
This opens the Download Configuration to Devices window and displays the devices in a device group.
If configuration information has been uploaded from the device, the file where it was saved is listed in
the Last Upload Configuration column.
See “Downloading Configuration Information to a Device” on page 168 for details on using this feature.
Increment
The Increment function lets you execute only the commands specified in the incremental download file.
The incremental download file is used as a baseline configuration for devices running ExtremeWare 6.0
or later.
To view the Incremental display for a selected device group or device:
• Right-click on the device group or device, then select Increment from the pop-up menu that appears
or click Increment from the Tool Bar.
This opens the Download Incremental Configuration to Devices window.
See “Downloading an Incremental Configuration to Devices” on page 169 for details on using this
feature.
Upgrade
The Upgrade function lets you upgrade the ExtremeWare software or BootROM image on Extreme
devices or to Extreme modules that include software.
160
EPICenter Software Installation and User Guide
Overview of the Configuration Manager
To view the Upgrade display for a selected device group or device:
• Right-click on the device group or device, then select Upgrade from the pop-up menu that appears
or click Upgrade from the Tool Bar.
This opens the Download Image window. Select the appropriate tab to display the Device window or
the Device Slot window.
See “Upgrading Software Images” on page 170 for details on using this feature.
Devices
This menu contains the following device-related submenus: Alarms, Browse, EView, Statistics, Sync,
Telnet, and VLANs.
NOTE
The Sync submenu is disabled if the device is offline.
Alarms
The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to
show the alarms for the selected device.
To view the Alarms display for a selected device:
• Right-click on the device, then select Alarms from the pop-up menu that appears
This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log
Browser and displays the alarms for the selected device.
See Chapter 5 for details on using this feature.
Browse
The Browse function runs the ExtremeWare Vista switch management interface for the selected device.
To run ExtremeWare Vista for a selected device:
• Right-click on the device, then select Browse from the pop-up menu that appears
This starts the ExtremeWare Vista login page in a new web browser window.
Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista.
EView
The EView function runs the EPICenter ExtremeView applet and displays the device front-panel image
and device information for the selected device.
To view the EView for a selected device:
• Right-click on the device, then select EView from the pop-up menu that appears
EPICenter Software Installation and User Guide
161
Configuration Manager
This starts the ExtremeView applet in a new window and displays the front-panel image and
information for the selected device.
See Chapter 10 for details on using this feature.
Statistics
The Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics for the
selected device.
To view the Device Statistics display for a selected device:
• Right-click on the device, then select Device from the pop-up menu that appears
This starts the Real-Time Statistics applet in a new window and displays port statistics for the selected
device.
See Chapter 11 for details on using this feature.
Sync
Sync is a manual update of the regular data gathering mechanisms. Use Sync when you think that the
device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to
poll the switch and update all configuration and status information.
To launch the synchronization procedure for a selected device:
• Right-click on the device, then select Sync from the pop-up menu that appears.
This starts the Sync procedure for the selected device.
See Chapter 4 for details on using this feature.
Telnet
The Telnet function opens an EPICenter telnet window that is connected to the selected device.
To open a telnet session for a selected device:
• Right-click on the device, then select Telnet from the pop-up menu that appears
This starts a telnet session for the device in a new window.
See Chapter 7 for details on using this feature.
VLANs
The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently known to
the EPICenter database.
To view the VLANs for a selected device:
• Right-click on the device, then select VLANs from the pop-up menu that appears
This starts the VLAN applet in a new window and displays the VLANs currently know to the
EPICenter database.
162
EPICenter Software Installation and User Guide
Uploading Configurations from Devices
See Chapter 13 for details on using this feature.
Properties
The Properties function lets you view the attributes for a device group or a device.
To view the Properties display for all device groups:
• Right-click on the Device Groups component, then select Properties from the pop-up menu that
appears
The Device Groups Properties window appears and displays the number of device groups and the
names of the device groups that are known to EPICenter.
To view the Properties display for a selected device group:
• Right-click on the device group, then select Properties from the pop-up menu that appears
The Device Group Properties window appears and displays the attributes for the selected device group.
To view the Properties display for a selected device:
• Right-click on the device, then select Properties from the pop-up menu that appears
The Device Properties window appears and displays the attributes for the selected device.
See “Displaying Properties” on page 187 for details on using this feature.
Uploading Configurations from Devices
To upload the configuration information from one or more devices, click the Upload button at the top of
the window.
The Upload Configuration from Devices window appears, as shown in Figure 68.
EPICenter Software Installation and User Guide
163
Configuration Manager
Figure 68: The Upload Config window
To upload device configurations to EPICenter, do the following:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 From the Available Devices list, select the devices from which you want to upload configuration
information, then click the Add-> button.
If you want to upload from all the devices in the device group, click the Add All-> button.
The devices you select will be moved to the Devices for Upload list.
To remove devices from the Devices for Upload list, select the devices and click the <-Remove
button. This moves the selected devices back to the Available Devices list. Click <-Remove All to
move all the devices in the Devices for Upload list back to the Available Devices list.
3 Specify where the uploaded information should be stored:
a Select Archive to create files for each upload under the EPICenter Configs directory, in a
subdirectory hierarchy organized by year, month, and day. The form of the fully-qualified file
names for these files is:
<tftp_root>\configs\<year>\<month>\<day>\<device_address>_<time>.txt
where <tftp_root> is the location of your TFTP server. By default, <tftp_root> is
<EPICenter_install_dir>\user\tftp.
<EPICenter_install_dir> is the EPICenter installation directory, by default epc4_1.
For example, a file uploaded from device Summit24 (10.205.0.25) on September 1, 2000 at 8:06 am,
would be saved as follows:
c:\program files\Extreme Networks\EPICenter
4.1\user\tftp\configs\2000\Sept\01\10.205.0.25_0806.txt
164
EPICenter Software Installation and User Guide
Archiving Configuration Settings
NOTE
If you have reconfigured your TFTP root directory (see “Configuring the TFTP Server” on page 186),
the configs subdirectory will be found directly below (as a child of) your TFTP root directory.
b Select Specify to specify your own directory structure and file naming convention relative to the
TFTP root’s configs subdirectory. The structure will be of the form:
<tftp_root>\configs\<file_location>\
<device_address>_<filename_trailer>.txt
In the File Location field, specify the <file_location> path where the files should be stored,
starting from the configs subdirectory. DO NOT include <tftp_root>\configs as part of the
path; just include the remaining path.
In the FileName Trailer field, you can specify a string to be appended to the device address to
create a file name. For example, if you specify a file name trailer of “week_8_backup” then the
filename for the device Summit24 would be 10.205.0.25_week_8_backup.txt.
4 Click Apply to start the upload process.
The Reset button restores all the fields to their initial state.
Archiving Configuration Settings
You can schedule the uploading (archiving) of configuration information so that it is done automatically,
either once a day or once a week. By default, all new devices added to the EPICenter database use the
global schedule and do not have a set schedule for uploading configuration information.
In the Admin applet, you can specify whether the device configurations are uploaded only when the
device configuration has changed, or if switch configurations are always uploaded at the scheduled
archive time. See Chapter 16 for more information about how to set the uploading configuration
settings.
Device Schedules
A device, a set of devices, or one or more device groups can be scheduled for archive individually and
independently of other device upload schedules. To schedule device configuration archive uploads, click
the Archive button at the top of the window.
The Schedule Upload window appears, as shown in Figure 69.
EPICenter Software Installation and User Guide
165
Configuration Manager
Figure 69: Schedule Upload window
To schedule the upload of device configurations, do the following:
1 Select the appropriate tab to display the Device Schedule window.
2 Select a device group or All Devices from the drop-down menu in the Device Group field.
3 From the Available Devices list, select the devices for which you want to schedule the upload of
configuration information, then click the Add-> button.
If you want to create the same schedule for all the devices in the device group, click the Add All->
button.
The devices you select will be moved to the Devices for Scheduling list.
To remove devices from the Devices to Scheduling list, select the devices and click the <-Remove
button. This moves the selected devices back to the Available Devices list. Click <-Remove All to
move all the devices in the Devices for Scheduling list back to the Available Devices list.
4 Specify the schedule you want:
No Schedule will remove any schedule associated with the selected device(s).
Repeat Every Day indicates that the upload should be done every day at the specified time. When
you select this option, you will be able to specify the time of day (the hour and minutes) at which
the upload should be done.
Repeat Every Week indicates that the upload should be done every week at the specified day and
time. When you select this option, you will be able to specify the time of day (the hour and minutes),
and the day of the week at which the upload should be done.
5 Click Apply to have the upload schedule set for these devices.
Click the Reset button to return the schedule to its state when you initiated this window.
166
EPICenter Software Installation and User Guide
Archiving Configuration Settings
Global Schedules
When you use the Inventory Manager to add devices to the EPICenter database, the devices use the
global schedule for configuration uploads. If you have a device or series of devices that require a
configuration upload schedule that differs from the global schedule, see “Device Schedules” on
page 165 for information on how to create an individual configuration schedule. You can modify global
configuration uploads for all devices that use the global schedule by clicking the Archive button at the
top of the window.
The Schedule Upload window appears, as shown in Figure 69.
To schedule the global upload of device configurations, do the following:
1 Select the appropriate tab to display the Global Schedule window, as shown in Figure 70.
Figure 70: Global Schedule Upload window
2 Specify the global schedule you want:
No Schedule will remove any schedule associated with the device(s) that use the global schedule.
Repeat Every Day indicates that the upload should be done every day at the specified time for
devices that use the global schedule. When you select this option, you will be able to specify the
time of day (the hour and minutes) at which the upload should be done on.
Repeat Every Week indicates that the upload should be done every week at the specified day and
time for devices that use the global schedule. When you select this option, you will be able to specify
the time of day (the hour and minutes), and the day of the week at which the upload should be
done.
3 Click Apply to set the global upload schedule for the devices that do not have a set configuration
schedule.
Click the Reset button to return the schedule to its state when you initiated this window.
EPICenter Software Installation and User Guide
167
Configuration Manager
Downloading Configuration Information to a Device
Downloading a configuration does a complete configuration download, resetting the current switch
configuration and replacing it entirely with the new downloaded configuration. The switch will be
rebooted automatically after the download has completed. Configuration downloads are supported on
Extreme Networks devices and Cisco devices running IOS 12.0 and above.
To download saved configuration information to a device, click the Download button at the top of the
window.
The Download Config to a device window appears, as shown in Figure 71.
Figure 71: Download configuration window
To download a configuration to a device, do the following:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 Select the device from the device list presented. You can only download to one device at a time.
If configuration information has been uploaded from the device, the file where it was saved is listed
in the Last Uploaded Config column.
3 In the File Location field, type the location and name of the file you want to download, or click the
Show Uploaded Configs button and select the file to be downloaded.
The Browse pop-up displays the list of uploaded files for the selected device.
4 To automatically save the configuration file after the device reboots, check the Save Configuration
to: checkbox and select the configuration file from the pull-down menu. You can select the Current,
Primary, or Secondary configuration file.
Click Reset to clear all of the selections and to restore the download configuration window to its
initial state.
168
EPICenter Software Installation and User Guide
Downloading an Incremental Configuration to Devices
5 To start the download, click the Apply button.
Downloading an Incremental Configuration to Devices
You can create or designate a set of configuration information to be used as a baseline configuration for
devices running ExtremeWare 6.0 or later. Using an incremental download to execute a baseline
configuration provides a known, “standard” configuration that you can use to ensure that devices are
configured into a known state. For example, if you want to set a group of devices to the same basic
configuration, you can first set individual IP addresses on each device, and then use the incremental
configuration download feature to set all other configuration settings on all devices to a common state.
An incremental configuration download executes only the commands specified in the incremental
download file. It does not reset the switch configuration or replace any other configuration settings that
may exist in the device. No reboot is necessary. The EPICenter incremental download does not save the
configuration; you must do so.
Incremental downloads are supported on Extreme Networks devices running ExtremeWare 6.0 or later
and on Cisco devices running IOS 12.0 or later.
To download an incremental configuration to a device, click the Increment button at the top of the
window.
The Download Incremental Config To Devices window appears, as shown in Figure 72.
Figure 72: Download incremental configuration window
From this window, do the following:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 From the Supported Devices list, select the devices for which you want to download the baseline
configuration, then click the Add-> button.
If you want to download the baseline configuration to all the devices in the device group, click the
Add All-> button.
The devices you select will be moved to the Download Incremental Config to: list.
EPICenter Software Installation and User Guide
169
Configuration Manager
To remove devices from the Download Incremental Config to: list, select the devices and click the
<-Remove button. This moves the selected devices back to the Supported Devices list. Click
<-Remove All to move all the devices in the Download Incremental Config to: list back to the
Supported Devices list.
3 Select the baseline configuration you want to download from the pull-down list in the Available
Incremental Configs field.
4 Click Apply to start the baseline download to the selected device.
NOTE
The EPICenter software does not save the configuration on the device after the download. You can
use the Telnet applet to open a telnet session on the affected devices and execute a save
configuration command.
NOTE
The Configuration Manager will display an error if you attempt an incremental download on a switch
running a version of ExtremeWare prior to 6.0.
Creating an Incremental Configuration File
The purpose of an incremental configuration is to provide a set of known, standard configuration
settings you can download to a device to restore it or initialize it to a known software state.
To create an incremental configuration, you can start with a configuration file you have uploaded, or
one of the standard configuration. You can edit it, if needed, to reflect the basic configuration settings
you want to use as your baseline configuration, and to remove settings you don’t want changed.
Incremental configuration files must be stored in the <tftp_root>\baselines directory, where
<tftp_root> is the location of your TFTP server. By default, <tftp_root> is
<EPICenter_install_dir>\user\tftp.
<EPICenter_install_dir> is the EPICenter installation directory, by default epc4_1. Thus, if you
installed the EPICenter server under Windows 2000 or Windows XP using the default installation path,
your incremental configurations must be in c:\program files\Extreme Networks\EPICenter
4.1\user\tftp\baselines, unless you have reconfigured your TFTP root directory.
You can name an incremental configuration file any way you want.
NOTE
If you have reconfigured your TFTP root directory (see “Configuring the TFTP Server” on page 186), the
baselines subdirectory will be found directly below (as a child of) your TFTP server root directory.
Upgrading Software Images
The ExtremeWare software image contains the executable code that runs on the switch and on certain
Extreme modules that include software. An image comes pre-installed from the factory on every switch
and on certain modules. You can upgrade this image by downloading a new version through the
170
EPICenter Software Installation and User Guide
Upgrading Software Images
Configuration Manager. You can download the image into either the primary or secondary image, and
specify whether the switch should be rebooted to use the new image.
The BootROM software initializes certain important switch variables during the switch boot process.
CAUTION
If a BootROM upgrade does not complete successfully, it could prevent the switch from booting.
When you perform a software image upgrade, EPICenter automatically creates a backup of your
existing switch configuration. Switch configuration files are saved as text files in the
<tftp_root>\configs directory, where <tftp_root> is the location of your TFTP server. By default,
<tftp_root> is <EPICenter_install_dir>\user\tftp. The name of the configuration file contains the
switch IP address and a timestamp, and the file is saved in folders according to the day, month, and
year of the upgrade.
Performing a Multi-Step Upgrade
EPICenter allows you to perform a procedure called a multi-step upgrade. Using the multi-step upgrade
EPICenter automatically determines the appropriate upgrade path for both the device BootROM and
image. The EPICenter client software compares the desired (destination) image and BootROM versions
to the existing (source) image and BootROM versions loaded on the switch to determine what
intermediate steps, if any, are required.
Only Extreme Networks “i-series” switches are evaluated for a multi-step upgrade. Extreme devices that
are not part of the “i-series” can be upgrade only using a single step method.
NOTE
For more information on upgrading your Extreme switch, see the ExtremeWare Release Notes.
Upgrade Logic
The multi-step upgrade features uses the following logic:
• If the destination image version is greater than or equal to ExtremeWare version 6.1.9, first check the
BootROM version. The bootrom version must be at least Boot 7.6, if not, upgrade the BootROM to
Boot 7.6.
• If the source software image version is less than ExtremeWare version 6.1.9 and the destination
image is greater than ExtremeWare version 6.1.9, upgrade the software image version to
ExtremeWare version 6.1.9.
• If the source software image version is less than ExtremeWare version 6.2.2 and the destination
image version is greater than ExtremeWare version 6.2.2, upgrade the device to ExtremeWare version
6.2.2.
• If the destination software version is greater than or equal to ExtremeWare version 7.0.0, first check
the BootROM version. The BootROM version must be at least Boot 7.8, if not, upgrade to Boot 7.8.
• The final step is to upgrade to the destination software image version. This fulfills the requirement to
upgrade the software image version to ExtremeWare version 6.1.9, ExtremeWare version 7.0.0, or
other version range.
EPICenter Software Installation and User Guide
171
Configuration Manager
Multi-Step Upgrade Procedure
The multi-step upgrade procedure involves upgrading the switch multiple times in order to get from
the source software image version to the destination software image version. EPICenter performs the
upgrade procedure for each iterative step along the way.
Each time you iteratively upgrade the device during a multi-step upgrade, you should perform the
following tasks:
• Back up the current device configuration.
• Perform the current upgrade.
• Reboot the device.
• Restore the device configuration (software image upgrade, only).
• Reboot the device (software image upgrade, only).
• Synchronize the device and the EPICenter database.
For information on synchronizing the device and the database, see Chapter 4.
NOTE
When the device reboots, the EPICenter server waits until the device reboot is complete and the device
loads its configuration file. If the EPICenter server times out while the device is rebooting, it is possible
that the device reboot time is longer than what the server will waits before timing out.
Obtaining the Image and BootROM Versions
Before you perform a multi-step upgrade, make sure that you have all of the required image and
BootROM versions available on your EPICenter client machine. To get the image and BootROM
versions, use the Live Update feature, as described in “Performing a Live Software Update” on
page 183.
Specifying the Image and BootROM Versions
When you perform a multi-step upgrade, you must specify each file that you want the switch to use for
each upgrade step using the file upgrade.properties. This file is located in
<installdir>/extreme/upgrade.properties.
The upgrade.properties file contains the following:
#
#
#
#
#
#
#
#
#
#
#
#
#
#
172
Extreme Networks EPICenter
Config Manager - Multi-step Upgrade
NOTE: Please read all documentation and
release notes before proceeding
The Upgrade feature in the Config Manager
will use these values to determine the upgrade
steps for devices
- Each entry is, by default, commented out
- Verify the filename is correct and is available
EPICenter Software Installation and User Guide
Upgrading Software Images
#
#
#
#
#
on the server for each device type.
- Then uncomment the entry
DO NOT DELETE ANY OF THE LINES, COMMENT OUT IF UNUSED
#summit_inferno.boot.7.6 = ngboot76.bin
#summit_inferno.6.1.9 = v619b27.xtr
#summit_inferno.6.2.2 = v622b56.xtr
#summit_inferno.boot.7.8 = ngboot78.bin
#alpine_inferno.boot.7.6 = ngboot76.bin
#alpine_inferno.6.1.9 = v619b27.xtr
#alpine_inferno.6.2.2 = v622b56.xtr
#alpine_inferno.boot.7.8 = ngboot78.bin
#blackdiamond_inferno.boot.7.6 = ngboot76.bin
#blackdiamond_inferno.6.1.9 = v619b27.xtr
#blackdiamond_inferno.6.2.2 = v622b56.xtr
#blackdiamond_inferno.boot.7.8 = ngboot78.bin
By default, all values are commented out. You must uncomment each file that the switch will need in
order to complete the multi-step upgrade.
Upgrading Images on Devices
To download a new ExtremeWare software image to an Extreme device, click the Upgrade button at the
top of the window and select the Device tab.
The Download Image on Device window appears, as shown in Figure 73.
EPICenter Software Installation and User Guide
173
Configuration Manager
Figure 73: Download Image on Device window
To download a new software image to one or more Extreme Devices, do the following:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
The devices that belong to this group are displayed in the Device list.
Click the Devices with Outdated Images checkbox to show only devices with images that differ
from the image you specified in the Versions window.
The entries in the Image, Standard Image, and Image Status columns let you determine which
switches have outdated software images.
— The Image shows the image currently running in the device.
— The BootROM column shows the version of the BootROM running on the device.
— The Standard Image information comes from the information you provide in the Versions
window for devices of this type (see “Specifying the Current Software Versions”on page 182). If
you have not specified a software version in the Versions window, this will be blank.
— Image Status shows the status of the image compared to the version shown in the New Image
Available column. A green check
indicates that the version running in the device and the New
Image Available version are the same. A red X
indicates that the image running in the device
differs from the New Image Available version. The status is also shown as a red X if the New
Image Available column is blank.
2 From the Device list, select the devices you want to upgrade, then click the Add-> button.
If you want to upgrade the images on all the displayed devices, click the Add All-> button.
The devices you select will be moved to the Upgrade Image on Devices list.
To remove devices from the Upgrade Image on Devices list, select the devices and click the
<-Remove button. This moves the selected devices back to the Device list. Click <-Remove All to
move all the devices in the Upgrade Image on Devices list back to the Device list.
174
EPICenter Software Installation and User Guide
Upgrading Software Images
3 In the Download Options box, click the Image Download button to specify a software image
upgrade.
4 Click Apply to start the software download to the selected devices.
Click Reset to return the window to its initial state (removing all devices from the Upgrade Image
on Devices list, removing all image selections, and so on).
5 If the images do not require a multi-step upgrade, the upgrade proceeds without any additional
prompts. This is the original behavior. When finished, the device reboots according to the setting of
the Reboot Options selection.
6 If a multi-step upgrade is recommended for the device, and you have not modified the file
<installdir>/extreme/upgrade.properties, the Configuration Error dialog box is displayed, as
shown in Figure 74.
Figure 74: Configuration Error
7 After you have appropriately modified the upgrade.properties file, the Upgrade Warning dialog
box is displayed, as shown in Figure 75.
Figure 75: Upgrade Warning
8 To proceed with the multi-step upgrade, click Begin Multi-Step Upgrade.
The Multi-Step Upgrade dialog box is displayed, as shown in Figure 76.
EPICenter Software Installation and User Guide
175
Configuration Manager
Figure 76: Multi-Step Upgrade
The Multi-Step Upgrade table displays the action required to complete the upgrade:
• N/A—No action is required (the device already meets the requirement).
• Upgrade—This step will be performed during the current iteration.
• Required—This step must be performed at a future iteration.
The center section of the dialog box provides a written version of the required steps.
If you do not want to use the multi-step upgrade procedure and, instead, want to force the system to
perform a single-step upgrade from your current software image version to your desired software
image version, click Skip Multi-Step Upgrade. Skipping the multi-step upgrade and upgrade
directly to the specified version.
WARNING!
If you select Skip Multi-Step Upgrade, be sure that you fully understand all upgrade procedures.
Skipping the multi-step upgrade procedure may cause an error on the device and can cause the
upgrade to fail.
9 To begin the first part of the multi-step upgrade process, click Begin Upgrade.
To print the table and written directions, click Print. To cancel the process, click Cancel.
10 Repeat this procedure for each part of the multi-step process, until you have completely updated
your device(s).
11 When the upgrade process has completed, click Close to close the Download Image on Device
window.
After you upgrade the device(s), you should check each device configuration to be sure that the new
image has been properly loaded. For more information on verifying the device, see the ExtremeWare
Release Notes.
176
EPICenter Software Installation and User Guide
Upgrading Software Images
Rebooting Procedures for Multi-Step Upgrades
During a multi-step upgrade, your Extreme devices are automatically rebooted for each intermediate
upgrade process between the source image and the destination image. For example, if the multi-step
upgrade includes two sets of upgrade events, the switch is automatically rebooted between upgrade one
and upgrade two. If the multi-step upgrade includes three sets of events, the switch is automatically
rebooted between upgrade one and upgrade two, and again between upgrade two and upgrade three.
The “final” reboot of a multi-step procedure works identically to a standard, single upgrade of either
the software image or BootROM. The switch is rebooted according to the option you select using the
Reboot Options setting:
• Do not reboot after download indicates the devices should not be rebooted.
• Reboot immediately after download indicates the devices should be rebooted immediately after the
download. This selection also provides an option to restore the saved configuration to the device.
• Reboot after indicates the devices should be rebooted at a later time, and lets you specify the
number of hours (up to 72) to wait before doing the reboot.
Upgrading BootROM on Devices
To download a new ExtremeWare BootROM to an Extreme device, click the Upgrade button at the top
of the window and select the Device tab.
The Download Image on Device window appears, as shown in Figure 77.
Figure 77: Download Image on Device window
EPICenter Software Installation and User Guide
177
Configuration Manager
To upgrade the BootROM on a device, do the following:
1 In the Download Options box select the BootROM Download button to specify a BootROM
upgrade.
This displays the Selected BootROM Image field.
2 Click the Select Image... button to display the Select Software Image window. Select the software
image you want to download from the Select Software Image window and click OK.
For more information about selecting BootROM images, see “Selecting Software Images” on
page 181.
3 Indicate whether the devices should be rebooted:
— Click Do not reboot after download to indicate the devices should not be rebooted.
— Click Reboot immediately after download to indicate the devices should be rebooted
immediately after the download.
— Click Reboot after to indicate the devices should be rebooted at a later time, and enter the
number of hours (up to 72) to wait before doing the reboot.
4 Click Apply to start the software download to the selected devices.
Click Reset to return the window to its initial state (removing all devices from the Upgrade Image
on Devices list, removing all image selections, and so on).
5 When the upgrade process has completed, click Close to close the Download Image on Device
window.
Upgrading Slot Images on Modular Devices
To download a new ExtremeWare software or BootROM image to an Extreme module, click the
Upgrade button at the top of the window and select the Device Slot tab.
The Download Image on Device Slot window appears, as shown in Figure 78.
178
EPICenter Software Installation and User Guide
Upgrading Software Images
Figure 78: Download Image on Device Slot window
To download a new software image to one or more slots in Extreme modular devices, do the following:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
Regardless of the number of devices that are members of a device group, only Extreme modular
devices are displayed in the Device list.
The Slot list displays information about the slots in the selected modular device.
— Slot shows the number of the slot in the device.
— Type shows the type of module that is installed in the slot. If a module is not installed in the slot,
the Type field shows the word Empty.
— Image shows the ExtremeWare software version that is currently installed in the module, if
applicable.
— BootROM shows the BootROM image that is currently installed in the module, if applicable.
NOTE
If the Image and BootROM columns are empty, the module does not contain a special
ExtremeWare software version or BootROM image and does not support a software download.
2 To upgrade modules, select a device from the Device list. A list of the modules installed in the
device is displayed in the Slot list. From the Slot list, select the module you want to upgrade then
click the Add-> button.
If you want to upgrade the images on all of the displayed modules that support software, click the
Add All-> button.
EPICenter Software Installation and User Guide
179
Configuration Manager
NOTE
If you try to download an ExtremeWare software image or BootROM image on a module that does
not support those images, you will receive an error message.
The modules you select will be moved to the Upgrade Image on device slot list.
To remove modules from the Upgrade Image on device slot list, select the module and click the
<-Remove button. This moves the selected modules back to the Slot list. Click <-Remove All to
move all of the modules in the Upgrade Image on device slot list back to the Slot list.
3 In the Download Options box, select the type of upgrade you want to perform:
— Click the Image Download button to specify a software image upgrade.
— Click the BootROM Download button to specify a BootROM upgrade.
4 For a software image upgrade, do the following:
a To select the software image you want to download, click the Image Download button in the
Download Options box. This displays the Selected Software Image field.
Click the Select Image... button to display the Select Software Image window. Select the software
image you want to download from the Select Software Image window and click OK.
For more information about selecting software images, see “Selecting Software Images” on
page 181.
NOTE
Some Alpine modules and BlackDiamond modules require a special ExtremeWare software image
that only runs on that particular module. If you try to download an incompatible image, you will
receive an error message.
b Select the download target in the Download To field: Current, Primary, or Secondary.
5 For a BootROM upgrade, click the BootROM Download button in the Download Options box. This
displays the Selected BootROM Image field.
Click the Select Image... button to display the Select Software Image window. Select the software
image you want to download from the Select Software Image window and click OK.
For more information about selecting BootROM images, see “Selecting Software Images” on
page 181.
NOTE
Some Alpine modules and BlackDiamond modules require a special BootROM image that only runs
on that particular module. If you try to download an incompatible image, you will receive an error
message.
6 Indicate whether the slots should be rebooted:
— Click Do not reboot after download to indicate the slots should not be rebooted.
— Click Reboot immediately after download to indicate the slots should be rebooted immediately
after the download.
7 Click Apply to start the software download to the selected modules.
Click Reset to return the window to its initial state (removing all modules from the Upgrade Image
on device slot list, removing all image selections, and so on).
180
EPICenter Software Installation and User Guide
Selecting Software Images
8 When the upgrade process has completed, click Close to close the Download Image on device slot
window.
Selecting Software Images
EPICenter makes it easy for you to select and download ExtremeWare software images or BootROM
images to devices or device slots in modular devices.
To select ExtremeWare software images:
1 From the Download Image on window, select the appropriate tab to display the Device or Device
Slot options.
2 Select the devices or device slots you want to update.
3 In the Download Options box, click the Image Download button.
4 Click the Select Image... button to display the Select Software Image window. Select the software
image you want to download from the Select Software Image window and click OK.
The Select Software Image window displays the following information in a tabular format:
• The Name column lists the name of the ExtremeWare software build.
• The Version column lists the version of the ExtremeWare software.
• The Description columns lists additional information about the software. For example, if the
software is available for “i” series devices only, you may see a notation in the Description
column.
If you select a software image and click the Close button to exit the Select Software Image window, the
software image is displayed in the Selected Software Image field.
To select BootROM images:
1 From the Download Image on window, select the appropriate tab to display the Device or Device
Slot options.
2 Select the devices or device slots you want to update.
3 In the Download Options box, click the BootROM Download button.
4 Click the Select Image... button to display the Select Software Image window. Select the software
image you want to download from the Select Software Image window and click OK.
The Select Software Image window displays the following information in a tabular format:
• The Name column lists the name of the BootROM image.
• The Version column lists the version of the BootROM image.
• The Description columns lists additional information about the software. For example, if the
software is available for Summit series devices only, you may see a notation in the Description
column.
If you select a BootROM image and click the Close button to exit the Select Software Image window,
the BootROM image is displayed in the Selected BootROM Image field.
EPICenter Software Installation and User Guide
181
Configuration Manager
Specifying the Current Software Versions
The Versions window lets you specify the current version of the ExtremeWare software for each type of
Extreme Networks device, including:
• Alpine
• BlackDiamond non-”i” Series
• BlackDiamond “i” Series
• Summit non-”i” Series
• Summit “i” Series
• Summit E3
This information is used by the EPICenter software to determine whether an individual device is
running the version you have specified as the “current version.” This is the version that appears in the
New Image Available column in the Download Image on Device window.
Click the Versions button at the top of the window to display the Configure Standard version window,
as shown in Figure 79.
Figure 79: Configure Standard version window
To select a software version for a particular device type, type in the software version or click the Select
button to display the Select Software Image window, as shown in Figure 80.
182
EPICenter Software Installation and User Guide
Performing a Live Software Update
Figure 80: Select Software Image window
Highlight the version that you want to be standard on all of this device type across your network and
click OK.
For information on performing a live software update using the Live Update button, see “Performing a
Live Software Update”.
Performing a Live Software Update
The Live Update Software Images window displays a list of available software and allows you to
connect directly to Extreme Networks to download the most current ExtremeWare software images and
BootROM images to your local EPICenter server. After you download the new images, you can use the
images to upgrade your managed devices and modules. Before you can download the software images,
you must have a current support contract as well as a user name and password to obtain access to the
Extreme Networks server.
Downloading the software or BootROM images from Extreme Networks does not automatically
upgrade the devices with the new images. Depending on the software image you downloaded, the
image is placed in one of the following directories:
• Device images—<EPICenter_install_dir>\user\tftp\images (by default c:\program
files\Extreme Networks\EPICenter 4.1\user\tftp\images in the Windows operating
environment) or /opt/extreme/epc4_1/user/tftp/images on a Solaris system
EPICenter Software Installation and User Guide
183
Configuration Manager
• Device BootROM images—<EPICenter_install_dir>\user\tftp\bootrom (by default c:\program
files\Extreme Networks\EPICenter 4.1\user\tftp\bootrom in the Windows operating
environment) or /opt/extreme/epc4_1/user/tftp/bootrom on a Solaris system
• Slot images—<EPICenter_install_dir>\user\tftp\slotImages (by default c:\program
files\Extreme Networks\EPICenter 4.1\user\tftp\slotImages in the Windows operating
environment) or /opt/extreme/epc4_1/user/tftp/slotimages on a Solaris system
• Slot BootROM images—<EPICenter_install_dir>\user\tftp\slotBootRom (by default
c:\program files\Extreme Networks\EPICenter 4_1\user\tftp\slotBootRom in the Windows
operating environment) or /opt/extreme/epc4_1/user/tftp/slotbootrom on a Solaris system.
Obtaining New Software Images
To obtain a current software image, do the following:
1 Click the Update button at the top of the window to display the Live Update Software Images
window, as shown in Figure 81. You can also access the Live Update Software Images window by
clicking the Live Update button from the Select Software Image window, as described in the section,
“Specifying the Current Software Versions”.
Figure 81: Live Update Software Images window
• The Type column lists whether the image is a version of ExtremeWare software or a version of
BootROM software.
• The Name column lists the name of the software build.
• The Version column lists the version number of the software.
• The Status column lists whether the software is a general availability software release.
• The Present column lets you know if current versions of software are available on your local
system in the following directories (where <tftp_root> is the location of your TFTP server):
<tftp_root>/images, <tftp_root> bootrom, <tftp_root>SlotImages, or
184
EPICenter Software Installation and User Guide
Performing a Live Software Update
<tftp_root>/slotBootRom, or if the software is only available remotely, directly from Extreme
Networks. If you see yes, the software is available from EPICenter, and you have the most
current release of software. If you see no, the software is available from Extreme Networks, and
you do not have the most current release of software.
• The Description column provides a description of the software. For example, if the software is
intended for a Summit device, you will see an explanation that tells you the software is for the
Summit product line. Use the description information to determine the type of device or module
the software is intended for.
2 Select the device or slot image you want to update. You can select more than one image.
3 Click OK to display the Login to Remote Server window, as shown in Figure 82.
Figure 82: Login to Remote Server window
4 Enter your support user name in the User Name field and password in the Password field to access
the Extreme Networks server.
NOTE
You must have a current support contract as well as a user name and password to obtain access to
the Extreme Networks server
5 Click OK to log into the Extreme Networks server.
A Messages From Server dialog box appears and displays the status of your request. Click OK to
close the dialog box.
6 Click Cancel to close the window.
EPICenter Software Installation and User Guide
185
Configuration Manager
Configuring the TFTP Server
If you already have a TFTP server installed on the system where the EPICenter server is running, you
may choose to use that TFTP server instead of the one provided with EPICenter. This is the server that
actually does the downloading and uploading from the devices.
NOTE
In EPICenter 4.1, the Configuration Manager can cause multiple devices to contact the TFTP server at
once to perform upload or download operations. Some third party TFTP servers can have problems
accepting multiple TFTP requests. If you are running a third party TFTP server and this happens,
disable the TFTP server and use the EPICenter TFTP server.
The Server function lets you enable or disable the embedded TFTP server, and specify an alternate path
for the location of the server.
Click the TFTP button at the top of the window to display the Configure TFTP Server window, as
shown in Figure 83.
Figure 83: Configure TFTP Server window
By default, the embedded TFTP server is enabled.
• Click the Disable EPICenter TFTP Server button to disable the server.
• Click the Enable EPICenter TFTP Server button to enable the server.
NOTE
You cannot disable the server unless you provide a path to an alternate TFTP server.
• To change the location of the TFTP server root, change the path in the Set TFTP Root field.
By default, the TFTP server is installed in <epicenter_install_dir>\user\tftp where
<epicenter_install_dir> is the directory where the EPICenter server is install. By default, the
TFTP server is found in c:\program files\Extreme Networks\EPICenter 4.1\user\tftp in the
Windows operating environment, or /opt/extreme/epc4_1/user/tftp on a Solaris system.
EPICenter will create six subdirectories (baselines, bootrom, configs, images, slotImages, and
slotBootRom) as children of the directory you specify as the TFTP server root.
186
EPICenter Software Installation and User Guide
Finding Devices
NOTE
If you plan to use this TFTP server with other software, such as the ExtremeWare CLI or for any other
purpose, be aware of possible differences in the expected locations of the TFTP server and other
components such as ExtremeWare software images or configuration files. See the EPICenter Release
Note and Quick Start Guide for information on any known issues.
Finding Devices
You can search for a device in the EPICenter database by name, by IP address, or by type of device. This
may be useful if you have a large number of devices in your inventory.
To search for a device, follow these steps:
1 Click Find at the top of the Configuration Manager page.
2 Enter your search criteria:
You can search for devices by name or by IP address. You can limit the search to a specific device
group, or to a specific type of Extreme device. Search criteria can include:
— A device name. Click the Device Name button, and enter a complete or partial name in the
Search: field.
— An IP address. Click the IP Address button and enter a complete or partial IP address in the
Search: field. You can use the wild card characters * or ? in your search criteria.
* acts as a wildcard for an entire octet (0-255)
? is a wildcard for a single digit (0-9)
— A device group. Select the device group from the drop-down menu in the device group field. If
you do not specify a name or IP address in the Search field, all devices in the device group you
select will be found.
— A device type. Select the device type from the drop-down menu in the type field. If you do not
specify a name or IP address in the Search field, all devices of the type you select will be found.
3 Click Find to search for devices that meet the criteria you have specified. All devices found are listed
in the center panel. Information includes the device group in which the device can be found, its
name, IP address, and the type of device.
4 Double-click on a device in the results table to highlight the device in the Component Tree, or select
a device in the results table and click Go To, to display the configuration information for that device.
If you click Go To, the search window will close.
5 Click New Search to clear all search criteria.
6 Click Close to close the search window.
Displaying Properties
You can view the properties of a device group, device, slot, or port in the EPICenter database. This
section describes how to view properties through the ExtremeView applet.
EPICenter Software Installation and User Guide
187
Configuration Manager
Device Group Properties
You can view summary information for all device groups, or view information about individual device
groups.
To view summary information for all device groups, right-click on the Device Groups component and
select Properties from the pop-up menu.
The Device Groups Properties window appears, showing the All Device Groups display. This displays a
list of the current device groups and their descriptions. For more details about this display, see
Chapter 4.
You can also view properties for a specific device group. To view properties for a specific device group,
right-click on a device group and select Properties from the pop-up menu.
The Device Group Properties window appears, showing information about the selected group. This
includes the group description, the number of devices in the group, and a list of the devices. For more
details about this display, see Chapter 4.
Device Properties
To view properties for a device, right-click on a device in the Component Tree and select Properties
from the pop-up menu that appears.
The Device Properties window has five tabs at the top of the window:
• Device
• VLAN
• STP
• Network Login/802.1x
• Syslog Messages
Each tab displays the name of the device and a status “light” which shows the status of the device as
detected by EPICenter.
The Device Tab
The Device tab displays information about the device such as its IP address, MAC address, and boot
time. The main section of the window presents the same information you can view in the Inventory
Manager for the device. If the device is an Extreme device, the ExtremeWare software running in the
switch provides comprehensive status information.
The VLAN Tab
The VLAN tab lists the VLANs configured on the device.
The STP Tab
The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more
than one entry per STPD if the domain includes multiple VLANs.
188
EPICenter Software Installation and User Guide
Displaying Properties
The Network Login/802.1x Tab
The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected
to the device.
The Syslog Messages Tab
The Syslog Messages tab lists information about each Syslog Message received from the device.
EPICenter Software Installation and User Guide
189
Configuration Manager
190
EPICenter Software Installation and User Guide
7
Using the Interactive Telnet Application
This chapter describes how to use the Interactive Telnet application for:
• Configuring Extreme devices using Telnet and the ExtremeWare Command Line Interface (CLI)
• Configuring third-party devices using interactive Telnet
Overview of the Interactive Telnet Applet
Users with Administrator or Manager access can view and modify configuration information for
Extreme switches (Summit, Alpine, and Black Diamond switches) and third-party devices managed by
EPICenter using Telnet and the ExtremeWare Command Line Interface (CLI). You can also use the
interactive Telnet capability to view and modify configuration information for third-party devices being
managed by EPICenter.
The Telnet application provides two usage modes:
• A Macro View, where you can set up CLI command macros, and run them on multiple switches in a
single operation. You set a macro to run repeatedly, and can save them in the EPICenter database for
future use.
• An individual session mode, where you can open a session on an individual device, and execute
commands just as you would from a standard Telnet interface.
Using Telnet with Extreme Switches
The Telnet applet allows the scripting and playback of groups of CLI commands (macros) to a selection
of Extreme switches. You can also use this applet to run an interactive Telnet session on an individual
switch, including third-party switches. Telnet macros are supported on 3Com SuperStack II model 1100,
3300, and 3900 switches.
Select Telnet from the Navigation Toolbar to display the Telnet module. The Telnet Macro view for all of
the devices known to EPICenter is displayed, as shown in Figure 84.
EPICenter Software Installation and User Guide
191
Using the Interactive Telnet Application
Figure 84: The Telnet applet, macro interface
The Telnet Connections list displays the switches in all of the device groups, and shows the status of
any macros that have run or are being run on the switch. If macros are not supported on an individual
switch (true of third party switches and a few Extreme switches) the Macro Status will be “Macros not
supported.”
NOTE
If a switch is not supported by the EPICenter interactive Telnet feature, it will not appear in the Telnet
Connections list, or in the Component Tree in this applet.
When a Telnet session is currently open on a switch, the switch name is highlighted in bold in the list of
switches in the Component Tree.
NOTE
If a switch displayed in the Component Tree has an “S” in a red circle along with the name, that means
that the switch is not responding to SNMP requests. However, the switch may still respond to HTTP or
Telnet requests.
Running ExtremeWare Command Macros
The lower half of the Macro view page contains the macro command buffer. You can enter a series of
ExtremeWare commands into this buffer, which will form a script that can be played to the set of
switches you select in the Telnet Connections list.
192
EPICenter Software Installation and User Guide
Using Telnet with Extreme Switches
Figure 85 shows a command script entered into the buffer.
Figure 85: The Telnet record and play buffer
To create a macro for playback to a set of Extreme switches, follow these steps:
1 In the Telnet Connections list, select the set of switches where you want your command macro to
run. The switches need not have a Telnet session already open—the macro play function will open a
connection and log into the switch.
2 Enter a series of ExtremeWare commands into the macro buffer.
There are three ways to enter commands into the macro buffer:
— Type the commands directly into the buffer.
— Cut or copy commands from another location, either elsewhere in the buffer or from an external
document, and paste them into the buffer.
Click the right mouse button anywhere in the macro buffer to display a pop-up edit menu which
provides copy and paste functions. You can copy text from within the macro buffer using the
copy function from the pop-up menu. From an external document, cut or copy text into the
clipboard, then use the paste function from the pop-up edit menu.
— Load a saved macro (see “Saving a Macro in the EPICenter Database” on page 195).
The source of the commands in the macro buffer is indicated by the Macro Source: field at the top of
the macro buffer panel.
EPICenter Software Installation and User Guide
193
Using the Interactive Telnet Application
There are four variables you can use in an ExtremeWare CLI command that will be expanded when
the target switch is contacted. These are:
Table 6: ExtremeView Macro Variables
Variable
Definition
<NAME>
The name of the switch
<DATE>
The current date of the EPICenter server
<TIME>
The current time of the EPICenter server
<ADDRESS>
The IP address of the switch
For example, you can enter the command
upload config 45.1.12.101 extreme/<NAME>.cfg
and the macro substitutes the name of each switch on which it executes the macro.
These variables can only be used in macros, not in an interactive Telnet session.
NOTE
Because macros are intended for unattended, batch-type use, you should not use interactive
commands in a macro. They may cause the command to run in a loop.
3 To set the macro so that it plays back repeatedly at a specified interval, click the Repeat button to
display the Macro Repeat pop-up window.
a Check the Repeating check-box.
b Enter an interval (in seconds) in the Repeat Delay (sec) field.
c
Click OK.
4 Click Play to initiate playback of the macro on the selected switches. This opens a connection to the
switch, logs in using the switch login and password as specified in the Inventory Manager, and runs
the macro.
If the macro is a repeating macro, it will repeat sequentially on all selected switches until you click
Stop.
You can execute just a portion of a macro by highlighting just the portion of the macro that you want
to execute. Only the selected portion will execute when you initiate the playback. This will not affect
saving the macro—the entire macro will be saved even if only a portion is highlighted.
The Macro Status column in the Telnet Connections table indicates the status of the macro as
execution progresses on the selected switches. The states are:
— Pending—The macro is intended to run on this switch, but has not yet started. This macro is
used only used when playing macros repeatedly.
— Playing—The macro is currently running.
— Stopped—The macro was stopped before it completed.
— Complete—The macro has completed running.
— Macros Not Supported—Macros cannot be run on this device (may appear if you select a
non-Extreme device or the Summit Px1 or Summit 24e2T/X devices).
— Failed—A failure occurred when the macro was run. This is frequently due to an inability to
connect to the switch.
194
EPICenter Software Installation and User Guide
Using Telnet with Extreme Switches
CAUTION
Macro play will be automatically stopped if you exit the Telnet applet (by selecting another applet or
logging out) while a macro is running.
There are two ways to view the results of the last macro execution on a particular switch:
• You can select the switch in the Telnet Connections list, and click the View button at the top of the
screen. The View window displays the command output. Click OK to close the window.
Or
• You can view the Telnet log file, found in the user\Telnet subdirectory in the EPICenter root install
directory. Log files are created for each switch that runs the macro, and the files are saved according
to the switch IP address. The log files display the command output for the last macro played.
Saving a Macro in the EPICenter Database
To save a macro you have defined, click the Save button. This displays the Macro Save pop-up window
(see Figure 86).
Figure 86: Saving a macro to the database
Enter a name for the macro, an optional description, and click OK.
All current contents of the macro buffer will be saved in the database under the name you specify.
Selecting a portion of the macro (to playback only part of the macro) does not affect the save function.
To load a saved macro, click the Load button. This displays the Load Macro pop-up window (see
Figure 87).
Figure 87: Loading a macro from the database
The pop-up window displays the names and descriptions of all saved macros, as well as the owner
(EPICenter user) who created the macro, and the time at which it was last saved.
Select the macro you want to load and click Load. You can select only one macro to load at a time.
EPICenter Software Installation and User Guide
195
Using the Interactive Telnet Application
The contents of the saved macro will replace any previous contents in the macro buffer.
You can delete a saved macro by clicking the Delete button. A pop-up window similar to the Load
Macro window appears. Select one or more macros to delete, then click Delete.
You will be asked to confirm the deletion.
Examples of ExtremeWare Command Macros
EPICenter supports the use some interactive ExtremeWare commands, such as create, configure, and
save, as well as commands that may require you to press the space bar to continue or [Q] to quit. For
interactive commands used in a command macro, you need to supply the response to the command in a
separate line. The following examples illustrate usage of these commands.
• To create a user account with the name “joesmith” and a password of “2joe3,” enter the following
commands:
create account user joesmith
2joe3
2joe3
NOTE
If you type a command that requires a password, you need to enter the password twice. In a
command macro, unlike an interactive Telnet session, the first “password” sets the password, and
the second “password” confirms the password.
• To use the save command to save a configuration to the switch, enter the following commands:
save
yes
• To delete a user-defined STPD domain (stpd2) from the switch, enter the following commands:
delete stpd2
yes
• To reboot the switch, enter the following commands:
reboot
yes
Running a Telnet Session on an Individual Switch
You can open a Telnet session on an individual switch by selecting the switch from the Telnet switch list
in the Component Tree. This opens a Telnet session to the selected switch, and then waits for command
input, just as with any other Telnet session.
EPICenter allows only five Telnet sessions to be open concurrently. Therefore, if you select more than
five switches, EPICenter will open five connections, then close the oldest (the first connection) in order
to open a connection on the sixth switch, and so on. Open telnet sessions are indicated by displaying
the switch name in bold in the Component Tree.
Any open Telnet sessions will be closed when you leave the Telnet applet to view a different EPICenter
applet.
196
EPICenter Software Installation and User Guide
Using Telnet with Extreme Switches
Figure 88: A newly-opened Telnet session
Devices with open
Telnet sessions
The Telnet session window is a two-tone window—the bottom of the window is white, the top is grey.
The last 25 lines of Telnet commands and responses always appear in the white portion of the window.
As output grows, the older lines scroll up into the grey portion of the screen. This makes it easy to tell
whether you are viewing the most recent Telnet output.
The Telnet session window will display the commands and results from macros that are run on the
switch. You can also type in commands individually.
Copy/Paste from an Interactive Telnet Session
A copy and paste function is available within an interactive Telnet session. Copy and paste let you copy
from one interactive Telnet session into another interactive session or into the macro buffer. You can also
paste commands from an external document into an interactive Telnet session. The copy and paste
commands reside on a pop-up menu that you can display using the right mouse button, as shown in
Figure 89).
EPICenter Software Installation and User Guide
197
Using the Interactive Telnet Application
Figure 89: An open Telnet session showing the pop-up edit menu
• To copy from an interactive session, highlight the lines you want to copy, click the right mouse
button and select Copy from the pop-up menu.
• To paste into an interactive Telnet session or into the macro buffer, place the cursor where you want
the lines inserted, click the right mouse button and select Paste from the pop-up menu.
NOTE
You cannot use the browser cut and paste functions for this purpose.
Macro Recording and Playback from an Interactive Telnet Session
The record function creates a macro by echoing commands that you type in an interactive Telnet
session, into the Macro Record/Play Buffer. The record function is controlled by commands from a
pop-up menu displayed by using the right mouse button, as shown in Figure 89.
• To start recording a macro, click the right mouse button and select Start Record from the pop-up
menu.
Everything you type after this is copied into the macro Record/Play Buffer until you select Stop
Record from the pop-up menu.
• To stop recording a macro, click the right mouse button and select Stop Record from the pop-up
menu.
The commands that are part of the macro are automatically entered into the macro command buffer.
• To play the macro on one or more switches, select the Device Groups component or the name of a
device group in the Component tree, and play back the macro in the main Telnet page as discussed
in the section “Running ExtremeWare Command Macros,” on page 192.
198
EPICenter Software Installation and User Guide
Using Interactive Telnet with Third-Party Devices
Using Interactive Telnet with Third-Party Devices
You can open an interactive Telnet session on a third-party device and execute commands interactively.
Select the switch from the Telnet device list in the Component Tree. This opens a Telnet session to the
selected switch, and waits for input as appropriate to the device’s telnet interface. Unlike Telnet to an
Extreme Networks switch, it does not log you in to the device. You must log in as required for the
device.
You can enter and execute commands using the device’s command line interface. The commands and
any resulting output will be displayed in the session window just as if you were running a Telnet
session on any other client.
The Telnet session window is a two-tone window—the bottom of the window is white, the top is grey.
The last 25 lines of Telnet commands and responses always appear in the white portion of the window.
As output grows, the older lines scroll up into the grey portion of the screen. This makes it easy to tell
whether you are viewing the most recent Telnet output.
To close the Telnet session, type the appropriate exit command on the command line. The session will
be closed automatically when you exit the Telnet applet.
Viewing Device Information from Pop-up Menus
You can select a device group or a device in the Component Tree, then right-click to display a pop-up
menu that contains the Properties command. The Properties command displays the attributes for a
specific device group or device. The device pop-up menu also contains the Alarms, Browse, EView,
Statistics, Sync, and VLANs commands. All of these commands perform the same functions as the
applets in the Navigation Toolbar to the left of the page, but with the appropriate device displayed.
Properties
The Properties function lets you view the attributes for a device group or a device.
To view the Properties display for all device groups:
• Right-click on the Device Groups component, then select Properties from the pop-up menu that
appears
The Device Groups Properties window appears and displays the number of device groups and the
names of the device groups that are known to EPICenter.
To view the Properties display for a selected device group:
• Right-click on the device group, then select Properties from the pop-up menu that appears
The Device Group Properties window appears and displays the attributes for the selected device group.
To view the Properties display for a selected device:
• Right-click on the device, then select Properties from the pop-up menu that appears
The Device Properties window appears and displays the attributes for the selected device.
See “Displaying Properties” on page 202 for details on using this feature.
EPICenter Software Installation and User Guide
199
Using the Interactive Telnet Application
Alarms
The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to
show the alarms for the selected device.
To view the Alarms display for a selected device:
• Right-click on the device, then select Alarms from the pop-up menu that appears
This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log
Browser and displays the alarms for the selected device.
See Chapter 5 for details on using this feature.
Browse
The Browse function runs the ExtremeWare Vista switch management interface for the selected device.
To run ExtremeWare Vista for a selected device:
• Right-click on the device, then select Browse from the pop-up menu that appears
This starts the ExtremeWare Vista login page in a new web browser window.
Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista.
EView
The EView function runs the EPICenter ExtremeView applet and displays the device front-panel image
and device information for the selected device.
To view the EView for a selected device:
• Right-click on the device, then select EView from the pop-up menu that appears
This starts the ExtremeView applet in a new window and displays the front-panel image and
information for the selected device.
See Chapter 10 for details on using this feature.
Statistics
The Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics for the
selected device.
To view the Device Statistics display for a selected device:
• Right-click on the device, then select Device from the pop-up menu that appears
This starts the Real-Time Statistics applet in a new window and displays port statistics for the selected
device.
See Chapter 11 for details on using this feature.
200
EPICenter Software Installation and User Guide
Finding Devices
Sync
Sync is a manual update of the regular data gathering mechanisms. Use Sync when you think that the
device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to
poll the switch and update all configuration and status information.
To launch the synchronization procedure for a selected device:
• Right-click on the device, then select Sync from the pop-up menu that appears.
This starts the Sync procedure for the selected device.
VLANs
The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently known to
the EPICenter database.
To view the VLANs for a selected device:
• Right-click on the device, then select VLANs from the pop-up menu that appears
This starts the VLAN applet in a new window and displays the VLANs currently know to the
EPICenter database.
See Chapter 13 for details on using this feature.
Finding Devices
You can search for a device in the EPICenter database by name, by IP address, or by type of device. This
may be useful if you have a large number of devices in your inventory.
To search for a device, follow these steps:
1 Click Find at the top of the Telnet applet page.
2 Enter your search criteria:
You can search for devices by name or by IP address. You can limit the search to a specific domain,
or to a specific type of Extreme device. Search criteria can include:
— A device name. Click the Device Name button, and enter a complete or partial name in the
Search: field.
— An IP address. Click the IP Address button and enter a complete or partial IP address in the
Search: field. You can use the wild card characters * or ? in your search criteria.
* acts as a wildcard for an entire octet (0-255)
? is a wildcard for a single digit (0-9)
— A device group. Select the device group from the drop-down menu in the device group field. If
you do not specify a name or IP address in the Search field, all devices in the device group you
select will be found.
— A device type. Select the device type from the drop-down menu in the type field. If you do not
specify a name or IP address in the Search field, all devices of the type you select will be found.
EPICenter Software Installation and User Guide
201
Using the Interactive Telnet Application
3 Click Find to search for devices that meet the criteria you have specified. All devices found are listed
in the center panel. Information includes the domain in which the device can be found, its name, IP
address, and the type of device.
4 Double-click on a device in the results table to highlight the device in the Component Tree, or select
a device in the results table and click OK, to initiate a telnet session on the device (see “Running a
Telnet Session on an Individual Switch” on page 196). If you click Go To, the search window will
close.
5 Click New Search to clear all search criteria.
6 Click Close to close the search window.
Displaying Properties
You can view the properties of a device group or a device in the EPICenter database. This section
describes how to view the device group properties and the device properties.
Device Group Properties
You can view summary information for all device groups, or view information about individual device
groups.
To view summary information for all device groups, right-click on the Device Groups component and
select Properties from the pop-up menu.
The Device Groups Properties window appears, showing the All Device Groups display. This displays a
list of the current device groups and their descriptions. For more details about this display, see
Chapter 4.
You can also view properties for a specific device group. To view properties for a specific device group,
right-click on a device group and select Properties from the pop-up menu.
The Device Group Properties window appears, showing information about the selected group. This
includes the group description, the number of devices in the group, and a list of the devices. For more
details about this display, see Chapter 4.
Device Properties
To view properties for a device, right-click on a device in the Component Tree and select Properties
from the pop-up menu that appears.
The Device Properties window has five tabs at the top of the window:
• Device
• VLAN
• STP
• Network Login/802.1x
• Syslog Messages
Each tab displays the name of the device and a status “light” which shows the status of the device as
detected by EPICenter.
202
EPICenter Software Installation and User Guide
Displaying Properties
The Device Tab
The Device tab displays information about the device such as its IP address, MAC address, and boot
time. The main section of the window presents the same information you can view in the Inventory
Manager for the device. If the device is an Extreme device, the ExtremeWare software running in the
switch provides comprehensive status information.
The VLAN Tab
The VLAN tab lists the VLANs configured on the device.
The STP Tab
The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more
than one entry per STPD if the domain includes multiple VLANs.
The Network Login/802.1x Tab
The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected
to the device.
The Syslog Messages Tab
The Syslog Messages tab lists information about each Syslog Message received from the device.
For more details about the Device Properties window, see Chapter 4.
EPICenter Software Installation and User Guide
203
Using the Interactive Telnet Application
204
EPICenter Software Installation and User Guide
8
The Grouping Manager
This chapter describes how to use the Grouping Manager to do the following:
• Create new groups
• Create new user or host resources
• Add resources or groups to a parent group
• Define relationships between resources
• Add attributes to a resource or a group
• Search for resources
• Import users and hosts from Windows Domain Controller, NIS, an LDAP directory, or a file
Overview of the Grouping Manager
The Grouping Manager allows you to collect network “resources” (devices, ports, users, hosts, and
VLANs) into groups that can be manipulated or managed as a single entity.
A group is a hierarchical collection of resources that have been grouped together for some common
purpose. A group can contain individual resources as well as other (subordinate) groups. Groups
(except for Device Groups) are not exclusive—a resource can be a member (child) of more than one
group.
Resources are individual elements in your network, such as a device, port, host (end station), user, or
VLAN. Device, port, and VLAN resources are defined externally to the Grouping Manager, through the
EPICenter discovery capability and the Inventory and VLAN applets. User and Host resources are
defined within the Grouping module, either by importing the information from an external source (such
as an LDAP directory, NT Domain Controller, NIS server, or a file) or by creating the resources within
the grouping module. A group can also be considered a “resource” when it is used as an entity in the
same way as an individual resource would be used—such as in a Policy definition within the EPICenter
Policy Manager, an optional, separately-licensed product.
With the exception of Device Groups and Port Groups, the group and resource definitions you create
through the Grouping applet are primarily useful within the Policy Manager. For more information on
how groups are used within that application, see the EPICenter Policy Manager Software User Guide.
EPICenter Software Installation and User Guide
205
The Grouping Manager
You can define groups and add resources to them to create an organizational structure that facilitates
managing your network. The EPICenter software provides several predefined groups:
• Custom Applications
• Device Groups
• Hosts
• Import Sources
• Port Groups
• Users
You can define your own groups at the same hierarchical level as the predefined groups, or as
subordinate groups (children) of an existing group. You can assign resources to your own user-defined
groups and to the predefined groups, with the exception of Device Groups and Import Sources.
The Device group always has the child group named “Default”. It may or may not have additional
members depending on whether devices have been added to the device groups in Inventory. You
cannot directly add members to Device Groups using the Grouping Manager. This must be done in
Inventory.
Four of the predefined groups—Custom Applications, Hosts, Port Groups, and Users—initially have no
members. Although the latter three groups are provided to help you organize your host, user, and port
resources, they can contain children of any resource type. A Custom Applications group can only
contain port resources. You can create new groups as members of these groups, or add resources of any
type directly to them. The Custom Applications group cannot have hierarchical children.
• Custom Applications may be used to group various L4 resources without requiring ports in the
group to be contiguous or of uniform type. For instance, you can mix UDP and TCP ports in one
group. You can also have sets of contiguous and single ports in the same group.
• Port Groups may be used by the Real Time Statistics applet and the IP/MAC Address Finder applet.
However, these applets do not support hierarchical groups—if you have subordinate groups within a
port group, the subordinate layers are all collapsed into a single layer. Resources of types other than
ports are ignored by these applets.
Port Groups, along with all the other types of groups and resources, may also be used by the
optional Policy Manager module.
• The Hosts and Users groups (either the predefined groups or subordinate groups) may be used by
the optional Policy Manager. This is also true of all user-defined groups. No other EPICenter applets
currently support groups of these types.
In a group that contains resources of different types, the Policy Manager will ignore those resources
that are not relevant to the purpose for which the group has been selected.
The other two predefined groups, the Device Groups group and the Import Sources group, are
restricted in the way they can be used.
Device Groups. The “Device Groups” group contains the device groups and devices known to the
EPICenter inventory database. Device groups are created within the EPICenter Inventory Manager
applet, and devices are added or discovered, and are assigned to device groups, within that applet. All
port resources are also defined in association with the devices known to the Inventory Manager.
• You cannot add resources to or remove resources from the Device Groups group through the
Grouping Manager.
206
EPICenter Software Installation and User Guide
Displaying EPICenter Groups and Resources
• You can add resources that are children of Device Groups group—device groups, devices, and
ports—as members (children) of other groups.
• There is always a device group named “Default”.
Import Sources. The Import Sources group is used to contain resources imported from an external
source, such as a file, NT Domain Controller, or LDAP directory. When you perform an import
operation, the Grouping Manager creates a new group under the Import Sources group, and puts all the
imported resources under that group.
• You cannot add groups or individual resources as children of the Import Sources group except by
using the Import function.
• You cannot remove any of the members (including sub-groups) of an imported group. The imported
group can only be deleted in its entirety, using the Destroy function.
• You can add resources that are children of an Import Sources group as members (children) of other
groups.
Resource Attributes
Attributes are name and value pairs that you can use for a variety of purposes. You can associate
attributes with both groups and individual resources, including resources that are members of the
Device Groups and Import Sources groups.
Some predefined resources, such as devices and imported resources, may also have predefined
attributes. For example, device resources have their IP address as an attribute. Imported resources may
bring with them sets of attributes determined by the content and configuration of the import source.
Certain attributes, such as IP/subnet address. L4 and Netlogin ID are used by the optional Policy
Manager applet to allow it to map between high-level named resources, such as Users, and the
information required to generate a QoS policy (IP address and port information).
You can also define attributes of your own, and then use them as search criteria when you want to find
sets of resources with common attributes.
Relationships between Resources
The Grouping Manager also supports “relationships” between User, Host, and Port resources. These
relationships are used by the optional Policy Manager applet, and help the Policy Manager generate
specific QoS rules that it derives from high-level policy specifications that are given in terms of named
objects such as users or hosts. See the EPICenter Policy Manager Software User Guide for details.
Displaying EPICenter Groups and Resources
When you click the Groups button in the Navigation toolbar, the main Grouping Manager window is
displayed, showing Resource Details for the root-level group. Figure 90 shows the Grouping Manager
window with a number of the groups expanded to show their children.
EPICenter Software Installation and User Guide
207
The Grouping Manager
Figure 90: Resource Details view
Groups Children
Device Resources
Tab to display Children
or Relationships
Tab to display
Attributes
The Component Tree on the left shows the currently-defined resources. Initially, this shows only the
root-level group named “Groups.” Click on the plus sign to the left of a resource to display the children
of that resource.
Children can be individual resources (devices, hosts, users, or ports) or groups. The icons indicate the
type of resource:
indicates a general-purpose group.
indicates a custom application.
indicates a device group.
indicates a host resource.
indicates a user resource.
indicates a VLAN resource.
Devices, slots, and ports are indicated by icons that vary based on the specific device model and port
type. The icons are the same as are used in the Component Tree of the Inventory module and other
EPICenter modules. Although slots appear in the Component Tree, they are not true resources, and
cannot be children of groups within the Grouping Manager.
VLANs may appear as children in the Component Tree. However, unlike devices and Device
Groups, VLANs will appear in this list only after they have been specifically added as children of a
group. VLANs known to EPICenter but not used as children of a group will not appear in this list.
208
EPICenter Software Installation and User Guide
Displaying EPICenter Groups and Resources
Resource Details
The Resource Details display in the main panel shows the following information for the group (or
resource) that is selected in the Component Tree on the left:
• Name—The name of the Resource.
For ports, the name of the port is the Device name followed by the port number. For example, S1 3 is
the name of port 3 on the device named S1.
• Description—A description of the resource (optional for user-defined resources).
— For Device Groups, this is the description entered for the group in the Inventory Manager.
— For devices, this is the device description (sysDescr variable) if present in the agent.
— For ports, this is the interface description ( ifDescr variable) if present in the agent.
— For VLANs, this contains the protocol and tag information.
• Type—The type of resource (Group, Device, Host, Port, User, VLAN).
Note that if you select a slot under a chassis device in the tree, the Resource Details window displays
it as a “Slot” resource. However, a slot is not a true resource in that it cannot be added as a child of a
group— its ports can be used as resources, but the slot as an entity cannot.
• Source—The origin of the resource. The source determines what actions are allowed relative to the
resource, this can be one of the following:
— EPICenter indicates that the resource was defined by the EPICenter software: either by the
Grouping Manager in the case of the predefined groups, or by another EPICenter applet in the
case of device group, device, port, or VLAN resources. You cannot modify these resources or their
children (if they are groups) through the Grouping Applet.
— Manual indicates that this is a user-defined resource, created within the grouping applet using
the New button. These resources can be deleted from the Grouping Manager using the Destroy
function. The exception is the three predefined groups, Hosts, Users, and Port Groups, which are
considered Manual resources but cannot be destroyed. If the user-defined resource is a group,
you can add and remove children as desired.
— Imported resources are assigned a source name as part of the Import process. See “Importing
Resources,” on page 225 for more information.
User-defined (Manual) resources can be deleted using the Destroy function. System-defined
(EPICenter) and imported resources cannot be deleted, although they can be removed as children of
other groups to which you have added them. See “Deleting Resources,” on page 213 for more
information on deleting resources, and “Removing A Child Resource from a Group,” on page 216 for
more information on removing resources from groups.
• Unique Name—A name that uniquely defines this resource within the Source scope. For
user-defined resources (Source is Manual) this will always be blank.
— For pre-defined resources, the Unique Name is the same as the Resource Name.
— For device resources, the Unique Name is the device IP address.
— For port resources, the Unique Name is the IP address of the device followed by the port number.
For ports on a chassis device, the port number combines the slot number and the port number.
— For resources imported from a file or LDAP directory, the Unique Name is specified in the input
process, and may be different from the Resource Name.
Below these fields there are two tabbed pages whose contents depends on the type of resource being
displayed.
EPICenter Software Installation and User Guide
209
The Grouping Manager
• For Groups, you can view a list of Children of the group. This lists the resources (individual
resources or subordinate groups) associated with the selected group. For each child, the list includes
the resource name, its type, and its source.
• For User, Port and Host resources, you can view a list of Relationships for the resource. This
displays a list of other resources related to the selected resource.
• For all types, you can view a list of the Attributes associated with the resource. The exception is the
top level (root) node, “Groups,” which has no attributes.
Resource Filtering
The field at the top of the Component Tree provides a drop-down menu from which you can select a
filter to apply to the Component Tree display. This filter controls the types of resources that are
displayed as subcomponents of the groups in the tree. This feature is useful when you have a large
number of resources of various types, and lets you limit the display to resources of a specific type in
which you are interested.
Groups are always displayed. The following filter choices determine the types of individual resources
that will be displayed within the groups:
• All allows resource children of all types to be displayed.
• Devices shows only the Device resources within the groups.
• Hosts shows only Host resources within the groups.
• Ports shows only Device and Port resources within the groups.
• Users shows only User resources within the groups.
• VLANs shows only VLAN resources within the groups.
Grouping Manager Functions
The buttons in the navigation bar at the top of the page provide the following functions:
• New lets you create a new Group, User, or Host resource.
• Destroy lets you delete a user-defined resource. This completely eliminates the resource from the
EPICenter database, as well as removing it from all groups of which it was a member. This is not the
same as removing a resource from an individual group. You cannot destroy system-defined
resources or individual imported resources. You can only destroy imported resources by destroying
the entire Import Source group.
• Import lets you import resources from an external source such as an NT Domain Controller, LDAP
database, or a specially-formatted text file.
• Find lets you find a resource based on a set of search criteria that can include a resource name,
description, type, source, or attribute value.
• Help displays on-line help for the Grouping Manager and the Resource Details display.
These functions are described in detail in the following sections.
210
EPICenter Software Installation and User Guide
Creating a New Resource
Creating a New Resource
You can create new groups and add new User and Host resources through the New Resource function.
You can also associate attributes with the resource during this process.
This function creates a new resource. To add an existing resource to an existing group, see “Adding a
Resource as a Child of a Group,” on page 213.
NOTE
You cannot add resources of any type to the Device Groups or Import Sources groups, or any
subgroups within those groups.
To add a new resource, do the following:
1 In the Component Tree, select the Group to which you want the resource added. To add a new
group at the highest level, select the root “Groups” node. The new resource will be added as a child
of the group you select.
If you plan to add User or Host resources, it is suggested that you add these initially to the User or
Host groups, or to another group you have created, rather than to the root-level group. Once you’ve
created a resource, you can add it as a child of other groups. For example, a User resource “Fred”
can be a member of both the group “Marketing” and the group “Chicago.”
2 Click the New button at the top of the Grouping Manager window.
The Add a New Resource to Group window, as shown in Figure 91, is displayed.
Figure 91: Adding a new resource
3 Enter identifying information in the fields at the top of the dialog:
— Resource Name—A name for the resource. The name can include any characters except a colon.
— Resource Type—For all groups except Custom Applications, select a type (Group, User, or Host)
from the drop-down menu. If you are creating this resource as a member of the Custom
Applications group, the type defaults to Application and may not be changed. If you are creating
this resource as a member of the Hosts group, the type defaults to Host. If you are creating it as a
EPICenter Software Installation and User Guide
211
The Grouping Manager
member of the Users group, the type defaults to User. Otherwise, the type is set to Group by
default. For groups other than Custom Applications, you can change the group type.
— Resource Description—an optional description of the resource
4 Define any attributes that you want to associate with this resource. Attributes are name-value pairs
that can be used as search criteria, and are used by the EPICenter Policy Manager. For a more
detailed explanation of attributes, see “Adding and Removing Attributes,” on page 219.
a Enter the name of the attribute in the Name field.
b Select an attribute type from the drop-down list in the Type field:
Generic—Any attribute not specified as one of the other two types. The value is a string. You can
use this attribute to classify your resources in any way you want, for search purposes.
IP/Subnet—This attribute specifies an IP address and subnet mask. For Host or User resources,
this attribute may be used by the Policy Manager.
Netlogin ID—This attribute specifies a Netlogin ID (user ID or host ID) that can be detected by
Netlogin in the switch. Netlogin ID attributes are most commonly created when a resource is
imported from an external source such as an NT Domain Controller or NIS that contains user and
host information.
For Host and User resources, this attribute may be used by the EPICenter Policy Manager. If
Netlogin is enabled on the switches in your network, attribute and relationship information
(mappings between users, hosts, and IP addresses) for host and user resources with Netlogin IDs,
will be maintained automatically.
L4—This attribute is used only for Custom Applications. It is the only Type that is allowed for
this kind of group.
c
Enter a value for the attribute:
For a Generic attribute, enter a string.
For an IP/Subnet attribute, fill in the fields provided, and edit the subnet mask specification as
appropriate.
For a Netlogin ID, enter a string. In order to be recognized correctly by the Netlogin in Extreme
switches, this should be the user name (login name) or host name as known within the network.
For L4, enter a valid UDP or TCP port or range of ports using the format
[UDP|TCP]/[<portNum>|<minPortNum-maxPortNum>]. The first section of the format requires
you to specify UDP or TCP. The second part allows you to specify either a single valid port of the
type chosen, or a range of ports separated by a dash. For example, the following are valid entries:
UDP/234 and TCP/23-45.
d To add this attribute to the list of attributes associated with this resource, click the Add Attribute
to Resource button
.
e To remove an attribute from the list of attributes, select the attribute in the list and click the
Remove Attribute from Resource button
.
5 When you have finished entering attributes, click the OK button to save your new resource
definition.
To close this dialog without saving the resource definition, click the Cancel button.
212
EPICenter Software Installation and User Guide
Deleting Resources
Deleting Resources
The Destroy button in the Grouping Manager toolbar lets you delete user-defined resources from the
EPICenter database. The destroy function removes the resource from the database entirely, removing it
from all groups where it exists as a child.
NOTE
You can only destroy resources whose source is “Manual” (except for the predefined groups) and the
root groups of imported resources. You cannot destroy the predefined groups, system-defined resources
(devices, device groups, or ports) whose source is EPICenter, or individual imported resources (where
the source is a file, LDAP database etc.). If you select a resource you cannot delete, the Destroy button
will not be available.
To delete a user-defined resource do the following:
1 Select the resource in the Component Tree.
2 Click the Destroy button on the toolbar.
A confirmation dialog will be displayed. Click OK to confirm that you want to delete this resource.
If you delete a group, any orphaned children of the group (resources that are not members of any other
group) are also deleted.
If you delete a Host or User, all relationships to other resources are also deleted.
To remove a resource as a child of a group, use the Remove function, see “Removing A Child Resource
from a Group,” on page 216. This just removes the parent-child relationship with the group, but does
not delete the resource from the database.
Adding a Resource as a Child of a Group
NOTE
You cannot add Resources as a Child of a Group for Custom Applications.
A group’s children are individual resources or subordinate groups that will be manipulated or managed
together. A resource is placed into a group as it is created— either the root-level group, or the group
that was selected when it was created. However, because a resource can be a member of multiple
groups, you may wish to add an existing resource to an additional group, or move it to a different
group. To add a resource to a group, you select the resource from a list of the resources that are
currently defined in the EPICenter database.
You can add individual resources as children of a group, or you can add groups as children. You cannot
add an ancestor group as a child of one of its subordinate groups. You cannot have subordinate groups
of Applications below the Custom Applications group.
When you add a group as a child of another group, all members of the sub-group (its children) are
considered members of the higher level (ancestor) group. As membership in the sub-group changes, so
does the membership in the higher level (ancestor) group. This can have important effects when a
group is used by another EPICenter module. For example, suppose you create group “A” that contains
EPICenter Software Installation and User Guide
213
The Grouping Manager
two groups of hosts “HostsA” and “HostsB”, and then use group A in defining access list policies
through the Policy Manager. The Policy Manager will generate access list rules for traffic related to all
the hosts in groups HostsA and HostsB. If you subsequently change the membership of HostsB, and
auto-configuration of policies is enabled in the Policy Manager, the QoS rules that define the access lists
will automatically be recomputed and reconfigured. (See the EPICenter Policy Manager Software User
Guide for more information on this optional module).
Adding resources to a group as individuals is a more static relationship—resources remain as children
until they are explicitly removed from the group (or deleted from the EPICenter database).
To add a resource or group of resources to a higher-level group, do the following:
1 In the Component Tree, select the group to which you want to add the resource, so that the group’s
information is displayed in the Resource Details view.
2 Click the tab labeled Children to display the list of children belonging to this group.
3 Click the Add button at the bottom of the list of Children to display the Add Resources to Group
pop-up dialog, as shown in Figure 92.
Figure 92: Adding Resources to a Group
This window has two parts:
— A display of the resources in the EPICenter database that are available to be added to the group.
— A list of the resources you have selected to add.
4 Select a resource from one of the lists in the Select Resources to be Added panel at the left hand
side of the dialog window. You can make your selection from either side of the panel.
The Select Resources to be Added panel is split into two parts:
— The Component Tree in the left half of the panel displays the groups that contain resources of
interest. It may include devices if you have filtering set to display port resources.
The drop-down menu field at the top of the Component Tree lets you select a filter to apply to
the resource display. This filter controls the types of resources that are displayed as
subcomponents of the groups in the tree.
214
EPICenter Software Installation and User Guide
Adding a Resource as a Child of a Group
Groups are always displayed. The following filter choices determine the types of individual
resources that will be displayed within the groups:
Show All allows resource children of all types to be displayed.
Show Devices shows only Device resources within the groups.
Show Hosts shows only Host resources within the groups.
Show Ports shows only Device and Port resources within the groups.
Show Users shows only User resources within the groups.
Show VLANs shows only VLAN resources within the groups.
— The resource list in the right half of the panel displays the resources available within the group
you have selected in the Component Tree.
5 Select one or more resources from the list of individual resources, or select a resource group or
device from the left-hand list.
6 Click the Add button
to add your selections to the Resource Results list. You can select a
group in the Component Tree or one or more groups or individual resources from the resource list.
Click the Add All button
Resource Results list.
to add all the individual resources in the right-hand list to the
NOTE
There is an important difference between adding individual resources as children of a group, and
adding a group as a child of another group. Adding a group to the results list does not have the
same effect as selecting the group in the Component Tree, and then adding its children using the
Add All button.
When you add a group as a child of another group, all members of the subgroup (its children) are
considered members of the higher level (ancestor) group. As membership in a subgroup changes,
so does the membership in the higher level (ancestor) group. Resources added individually, on the
other hand, remain as children until they are explicitly removed from the group (or deleted from the
EPICenter database).
To search for a resource using the Query function, click the Find button. You can add the results of
your query directly into your Resource Results list by selecting the resources you want to add and
clicking the Add button at the bottom of the Query window. See “Searching for a Resource,” on
page 221 for more information on the Find function.
7 You can remove resources from the Resource Results list if you change your mind about your
selections.
Select one or more resources in the Resource Results list, and click the Remove button to remove the
selected resources, and return them to the Resources to be Added list.
Click the Remove All button to clear the Resource Results list.
8 Click OK to add the resources in the Resource Results list to the list of children for this resource, or
Cancel to cancel the Add function.
EPICenter Software Installation and User Guide
215
The Grouping Manager
9 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping
Manager window.
If you attempt to begin a different operation or leave the Grouping Manager applet without saving,
the Grouping Manager will prompt you to save your changes. However, you can add and remove
children and attributes to the group you have selected in multiple operations before you save.
Click the Cancel button at the bottom of the window to cancel the changes you have made to this
group.
Removing A Child Resource from a Group
If you have added a resource as a child of a group, you can remove the resource from that group using
the Remove function. This removes the parent-child relationship between the resource and the group.
This does not remove the resource from the EPICenter database, unless it is a user-defined resource and
this is the only instance of the resource. (Removing all instances of a resource is the equivalent of
destroying the resource.)
To remove a resource from a group, do the following:
1 Select the parent group in the Component Tree to display the group in the Resource Details window.
2 Select the Children tab to display the resources that are children of the group.
3 Select the resource you want to remove.
4 Click the Remove button at the bottom of the window.
5 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping
Manager window.
If you attempt to begin a different operation or leave the Grouping Manager applet without saving,
the Grouping Manager will prompt you to save your changes. However, you can add and remove
children and attributes to the group you have selected in multiple operations before you save.
Click the Cancel button at the bottom of the window to cancel the changes you have made to this
group.
Note that you can also remove resources by locating them using the Find function, and removing them
using the search results list. See “Searching for a Resource” on page 221 for more information on the
Find function.
Removing a resource from all groups of which it is a member is the equivalent of destroying the
resource.
Adding Relationships to a Resource
Individual resources cannot have children. However, certain types of resources (Hosts, Users, or Ports)
can have relationships. Devices cannot have either relationships or children.
For example, a Host may have a relationship with a User, which indicates that the User is associated
with the IP address of that Host. A Host may also have a relationship with a port, indicating that the
host communicates over that port.
216
EPICenter Software Installation and User Guide
Adding Relationships to a Resource
These relationships may be used by the Policy Manager applet to create low-level QoS policy rules
based on named higher-level objects such as users and hosts. Relationships can be created between the
following:
• Hosts and Users
• Hosts and Ports
• Users and Ports
These relationships are always reciprocal: when you create a relationship between two resources, it is
added simultaneously to both resources.
1 In the Component Tree, select the resource to which you want to add a relationship, so that it is
displayed in the Resource Details view.
2 Click the tab labeled Relationships to display the list of children belonging to this group.
3 Click the Add button at the bottom of the list of Children to display the Add Relationship to Group
pop-up dialog, as shown in Figure 93.
Figure 93: Adding Relationships to a Resource
This window has two parts:
— A display of the resources in the EPICenter database that are eligible to be used in a relationship.
— A list of the relationships you’ve selected to add to the resource.
4 Select a resource from one of the lists in the Select Resources to be Added panel at the left hand
side of the dialog window. You can make your selection from either side of the panel.
The Select Resources to be Added panel is split into two parts:
— The Component Tree in the left half of the panel displays the groups that contain resources of
interest.
The drop-down menu field at the top of the Component Tree lets you select a filter to apply to
the resource display. You can filter the resources that will be presented as children of the groups
in the tree.
EPICenter Software Installation and User Guide
217
The Grouping Manager
Show All allows resource children of all types to be displayed.
Show Devices shows only Device resources. (However, devices cannot be used in relationships,
so nothing is displayed if you select this filter.)
Show Hosts shows only Host resources.
Show Ports shows only Device and Port resources.
Show Users shows only User resources.
Show VLANs shows only VLAN resources. (However, VLAN resources cannot be used in
relationships, so nothing is displayed if you select this filter.)
— The resource list in the right half of the panel displays the resources available within the group
you have selected in the Component Tree. It will display only the types of resources that are
eligible to have relationships (host, users, and ports).
5 Select one or more resources in the list, and click the Add button
to add your selections to
the Resource Results list. You can select a group in the Component Tree or one or more groups or
individual resources from the resource list.
Click the Add All button
Resource Results list.
to add all the individual resources in the right-hand list to the
To search for a resource using the Search function, click the Find button. You can add the results of
your query directly into your Resource Results list by selecting the resources you want to add and
clicking the Add button at the bottom of the Search window. See “Searching for a Resource,” on
page 221 for more information on the Find function.
6 You can remove resources from the Resource Results list if you change your mind about your
selections.
Select one or more resources in the Resource Results list, and click the Remove button to remove the
selected resources, and return them to the Resources to be Added list.
Click the Remove All button to clear the Resource Results list.
7 Click OK to add the resources in the Resource Results list to the list of relationships for this resource.
8 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping
Manager window.
If you attempt to begin a different operation or leave the Grouping Manager applet without saving,
the Grouping Manager will prompt you to save your changes. However, you can add and remove
relationships and attributes in multiple operations on the resource you have selected before you
save.
Click the Cancel button at the bottom of the window to cancel the changes you have made to this
group.
Removing Relationships from a Resource
To remove a relationship between two resources (Hosts, Users, or Ports) do the following:
1 In the Component Tree, select one of the resources that is involved in the relationship, so that the
resource is displayed in the Resource Details window.
2 Select the Relationship tab to display the relationships for the resource.
3 Select the relationship you want to remove.
218
EPICenter Software Installation and User Guide
Adding and Removing Attributes
4 Click the Remove button at the bottom of the window. The relationship will be removed both from
the resource you are viewing, and from the other resource involved in the relationship.
For example, if Host resource “HostB” has a relationship with user resource “Watson” the
relationship will appear in the relationship list of both resources. If you display the relationships for
resource HostB, and remove the relationship with user Watson, the relationship will be removed
from the relationship lists of both HostB and Watson.
5 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping
Manager window.
If you attempt to begin a different operation or leave the Grouping Manager applet without saving,
the Grouping Manager will prompt you to save your changes. However, you can add and remove
relationships and attributes in multiple operations on the resource you’ve selected before you save.
Click the Cancel button at the bottom of the window to cancel the changes you’ve made to this
group.
Removing a relationship does not affect the group memberships of either resource.
NOTE
If you destroy a resource, any relationships with that resource will automatically be removed from the
other resources involved.
Adding and Removing Attributes
Any resource (individual resources or groups) can have attributes. Attributes are simply name-value
pairs that can be used for a number of purposes.
There are four types of attributes:
• Generic—A user-defined attribute not specified as one of the other two types. The value is a string.
You can use this attribute to classify your resources in any way you want, for search purposes.
• IP/Subnet—An IP address and subnet mask. This attribute may be used by the Policy Manager to
map a User or Host resource to an IP address.
• Netlogin ID—This attribute specifies a Netlogin ID (user ID or host ID) that can be detected by
Netlogin in the switch. Netlogin ID attributes are most commonly created when a resource is
imported from an external source such as an NT Domain Controller or NIS that contains user and
host information.
For Host and User resources, this attribute may be used by the EPICenter Policy Manager. If
Netlogin is enabled on the switches in your network, attribute and relationship information
(mappings between users, hosts, and IP addresses) for host and user resources with Netlogin IDs
will be maintained automatically.
• L4—This attribute specifies a UDP or TCP port or range of ports. This attribute is used to specify the
port(s) for an application. This type of group is only available to Custom Applications. Specifying
multiple L4 attributes for an Application resource allows the Application resource to reference
different types of ports which are not contiguous.
EPICenter Software Installation and User Guide
219
The Grouping Manager
To view the attributes associated with a resource, do the following:
1 Select the resource in the Component Tree, so that it is displayed in the Resource Details view.
2 Click the Attributes tab. This will display the attributes (if any) associated with the resource, as
shown in Figure 94.
Figure 94: Resource attribute display
To add an attribute to the displayed resource, do the following:
1 Make sure the Attributes page is displayed. If it is not, the Add button will not be present.
2 Click the Add button
.
The Add Attributes pop-up dialog appears, as shown in Figure 95.
Figure 95: Adding attributes to a resource
220
EPICenter Software Installation and User Guide
Searching for a Resource
3 Enter the name of the attribute in the Attribute Name field.
4 Select an attribute type from the drop-down list in the Attribute Type field. You can choose from the
first three for all groups but Custom Applications. For Custom Applications, L4 is the only allowed
attribute type:
Generic—Any user-defined attribute other than an IP Address or Netlogin ID.
IP/Subnet—An IP address and subnet mask.
Netlogin ID A User ID or Host ID as it will be detected by Netlogin in the switch.
L4—A valid UDP or TCP port or range of ports.
5 Enter a value for the attribute:
For a Generic attribute, enter a string.
For an IP/Subnet attribute, fill in the fields provided, and edit the subnet mask specification as
appropriate.
For a Netlogin ID, enter a string. In order to be recognized correctly by Netlogin in Extreme
switches, this should be the user name (login name) or host name as known within the network.
For an L4 attribute enter a single UDP or TCP port or a range of UDP or TCP ports using the
following format: Type/range. For example, both TCP/45 and UDP/34-56 are valid entries.
6 CLick OK to enter the attribute into the attribute list.
7 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping
Manager window.
If you attempt to begin a different operation or leave the Grouping Manager applet without saving,
the Grouping Manager will prompt you to save your changes. However, you can add and remove
relationships and attributes in multiple operations on the resource you’ve selected before you save.
Click the Cancel button at the bottom of the window to cancel the changes you’ve made to this
group.
To remove an attribute from the list of attributes, do the following:
1 Select one or more attributes you want to remove.
2 Click the Remove button
.
3 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping
Manager window.
Click the Cancel button at the bottom of the window to cancel the changes you have made to this
group.
Searching for a Resource
If you have a large number of resources defined in your EPICenter database, it may be cumbersome to
find a specific resource in the Component Tree. In addition, you may want to be able to quickly identify
all the resources that share a certain attribute. The Grouping Manager’s Search function lets you find
resources using any of the resource information fields as well as attributes as search criteria.
A search can be initiated either from the main toolbar, or by using the Find button in the Add Resource
or Add Relationship pop-up windows. Setting up and executing the search is the same regardless of
EPICenter Software Installation and User Guide
221
The Grouping Manager
where you initiate the search; however, the actions you can take with the results differ depending on
where you started from.
The Search Results provide you with the name of the resources that match your criteria, and the paths
(group hierarchy) to where the resources reside within your search scope.
• If you initiate the Search from the main toolbar, you can select one or more resource in the result list,
and remove them from their parent groups. See “Searching from the Main Toolbar,” on page 224 for
more information. You can double-click a resource in the results list to see where it is located in the
Component Tree.
• If you initiate the search from an Add Relationship or Add Resource window, you can select one or
more resources in the result list and add them to the Resource Results list in the Add Resource or
Add Relationship window. See “Searching from the Add Resources or Add Relationship Window,”
on page 225 for more information.
Setting up a Resource Search
To search for resources that match criteria you specify, do the following:
1 Click the Find button in the toolbar at the top of the main Grouping Manager window, or click the
Find button in the Add Relationship or Add Resource pop-up windows.
The Search Criteria window is displayed, as shown in Figure 96.
Figure 96: Searching for a resource
The top half of the window is used to specify your search criteria. The Component Tree is used to
define a scope for the search.
222
EPICenter Software Installation and User Guide
Searching for a Resource
The bottom half of the window contains the results of the search. You can limit the number of results
you want to receive in the case of a search that could yield a large number of matches.
2 Enter your search criteria using the fields in the top part of the window. A resource will match the
query if it meets all the criteria specified in this section:
— <ANY> specifies a wildcard match, meaning that any and all values for this item will produce a
match. There are also two other ways to indicate a wildcard match:
• The asterisk character * used by itself.
• A blank field.
— For Resource Name, Resource Description, and Resource Source, enter a string to specify the
value you want to match. You can specify a partial match using the wildcard characters * and ?.
• An * indicates a wildcard match of unspecified length. Specifying a Resource Name as “A*n”
will find all Resources whose names start with “A” and end with “n.” This would include
Ann, Alan, Allen, Allison, and so on. Using the * by itself is the same as specifying <ANY>.
• A ? indicates a single character wildcard. Specifying a Resource Name as “A?n” will find all
Resources whose name start with “A”, and with “n” and having exactly one character in
between. This would include Ann and Ayn, but not Alan, Allen or Allison.
— For Resource Type, select a specific type from the drop-down menu, or use <ANY> to match on
all types.
NOTE
The values you enter into the search criteria fields are combined using a Boolean AND. This means
a resource must match all the criteria you specify in these fields in order be included in the search
results.
3 Enter any attribute specifications you want to use as search criteria. The process is similar to that
used to add attributes to a resource. A resource will match the query if it matches any of the
attributes specified in this section:
a Enter an attribute name or a partial name using the * and ? wildcard characters.
b Select an attribute type from the drop-down list in the Type field, or select <ANY> to match all
attribute types.
c
Enter a value you want to match, or a partial match using the * and ? wildcard characters.
d Click the Add button,
, to add the attribute specification to the Attribute Criteria list.
e To remove an attribute search criteria you
have added to the Attribute Criteria list,
select the attribute and click the Remove button
.
NOTE
Attributes used as search criteria are combined using a Boolean OR. This means that a resource
that matches all the criteria specified in search criteria fields (in the top part of the window) and that
matches any one (or more) of the attribute criteria, will be included in the search results.
4 Specify a Scope for the search from the Component Tree at the left side of Search Criteria area. The
scope will limit the search to the group you select, and its subordinate groups. By default the scope
is set to the root-level group “Groups,” which means all groups will be searched.
EPICenter Software Installation and User Guide
223
The Grouping Manager
5 To reset all the criteria to their defaults (<ANY>) and to clear the Attribute Criteria list, click the
Reset button at the bottom of the window.
6 At the top of the Results portion of the window, select from the drop-down menu a limit for the
number of matches you want to see. All indicates you want to see all matches. You can limit the
results to 1, 10, 50, or 100 matches. The actual number of matches found will be displayed next to
this field.
7 Click the Query button to initiate the search. The results will be displayed in the bottom portion of
the window. The list will become a scrolling list if the number of results requires it.
For each match, the results will display the following:
— Resource ID: a unique internal number provided by the EPICenter software. This may be useful
to distinguish between resources if you happen to have created several resources with the same
name.
— Resource Name: the name of the resource
— Path: the path through the Group hierarchy to the location of the resource.
Note that an individual resource (i.e. the same Name and ID) may appear multiple times in this list
if it is a child of multiple groups.
Once the list is complete, you can select resources in the Results list and take actions, depending on
how you initiated the Find function. The buttons at the bottom of the window are slightly different
depending on where you initiated the Find. See the following sections, “Searching from the Main
Toolbar,” and “Searching from the Add Resources or Add Relationship Window,” on page 225, for
details on how you can use the results of the search.
Searching from the Main Toolbar
When you initiate a search from the Main Toolbar, you can use the results to determine where a
resource is used—i.e. to find out what groups it belongs to. Since a resource can be a child of multiple
groups, this lets you identify all the parents of a particular resource. In particular, before you delete a
resource from the EPICenter database, you may want to make sure that you know all the places it is
being used to avoid problems when you remove it. Once you find a resource using the Find function
from the main toolbar, you can remove instances of the resource directly from the Find window.
Setting up a search is the same regardless of where you initiate the Find function. This is describe in the
section “Setting up a Resource Search,” on page 222.
To remove resources you have identified with the Search function, do the following:
1 Select and highlight the resource or resources you want to remove.
You can double-click on the resource and its location is highlighted in the Component Tree.
2 Click the Remove button to remove those resources from the locations specified in the Results
entries you’ve selected.
The results list may present multiple entries for a given resource, if the resource is a child of multiple
groups. You can remove a resource from specific groups on an individual basis without removing it
from the EPICenter database.
The Remove function is subject to the same restrictions as removing resource children through the
Resource Details window. If the resource is a system or imported resource (its source is EPICenter, a
file, LDAP database etc.) you cannot remove the resource from it’s “home” group—the group in which
224
EPICenter Software Installation and User Guide
Importing Resources
it was initially created. If the function is a user-defined resource (source is “Manual”), removing it from
all groups will delete it from the EPICenter database.
When you are finished, click the OK button to close the window.
Searching from the Add Resources or Add Relationship Window
When you initiate a search from the Add Resources or Add Relationship window, you can identify
resources with a common set of attributes, which can simplify the process of finding the attributes you
want to include in a group. Once you find a set of resource using the Find function from the Add
Resources or Add Relationship windows, you can add those resources directly from the Find window to
the Resource Results list of the “Add...” window.
Setting up a search is the same regardless of where you initiate the Find function. This is describe in the
section “Setting up a Resource Search,” on page 222.
NOTE
When you do a search from the Add Resources or Add Relationship windows, the results will include
only those resources that are relevant to the Add function you are performing.
To add resources you have identified with the Search function to the Resource Results list of the Add
Resources or Add Relationship windows, do the following:
1 Select and highlight the resource or resources you want to add.
2 Click the Add button to add those resources to the Resource Results list.
The selected resources are added to the list, and the Search window is closed.
To close the Search window without adding any resources, click the Cancel button.
Importing Resources
The Import feature allows you to import user and host resource definitions, and groups containing
those resources, from a source external to the EPICenter system. You can import from an NT Domain
server, an NIS server, or an LDAP directory. You can also import host and user resource definitions from
a tab-delimited text file.
• Importing from a text file requires a tab-delimited file in a very specific format.
• Importing from an LDAP directory requires an import specification file that defines how to map
entries in the LDAP directory to resources and their attributes.
• Importing default domain information from an NT Domain server or an NIS server does not require
any special preparation.
NOTE
If you import information from an LDAP server or NT Domain Controller, that information will become
visible to all EPICenter users. If this is a security concern, you may want to consider exporting
information from the NT Domain Controller or LDAP directory to a file, and using that to create an
import file that contains only the information that you want to be visible through EPICenter Grouping
Manager.
EPICenter Software Installation and User Guide
225
The Grouping Manager
Imported resources are placed under a group created in the Import Sources group (one of the
pre-defined EPICenter groups). The name you specify in the Source Name field of the Import dialog
will be used as the group name.
You can perform the same import operation (importing from the same source) multiple times. Once an
import is complete, subsequent imports from the same source will act as an update:
• Existing resources will be left intact (including any attributes you may have added).
• New resources will be added.
• Resources that have been removed from the source will be deleted from the EPICenter database.
• Changes is group memberships and changes in relationships will be enacted.
To import resources from an external source, do the following:
1 Click the Import button in the toolbar at the top of the main Grouping Manager window. The
Import Resources window is displayed (see Figure 97).
Figure 97: Importing resources
2 Select the type of source from which you want to import information.
— Select NT Domain Controller/NIS to import information from the default Windows Domain
Controller or NIS server. This will import information about users, hosts (stations), and user
groups. See “Importing from an NT Domain Controller or NIS Server” on page 232for more
detailed information.
— Select LDAP to import information from an LDAP directory.
See “Importing from an LDAP Directory” on page 227for information on modifying the file
containing the LDAP import mapping specification.
— Select File to import information from a tab-delimited text file.
See “Importing from a File” on page 228for information on creating the import text file.
— In the Source Name field, enter a name that will identify the source of the imported resources.
This name is used for two purposes:
• It is used to create a group under which all the resources imported in this operation are
placed. The group is created under the Import Sources group.
• It appears in the Source field of the Resource Details view, or in the Source column when the
resource is displayed as a child of group, for all resources imported from this source. It can be
used as a search criteria in the Find function.
3 Click Import to begin the import process. The import button will not be enabled until you enter a
source name.
Progress during the import will be displayed in a pop-up window, as shown in Figure 98.
226
EPICenter Software Installation and User Guide
Importing Resources
Figure 98: Monitoring the progress of an Import function
4 When the process has completed, click OK.
If you are importing from a large source, the import process can take several minutes.
The new group and resources will be available under the Import Sources group in the Component
Tree.
If errors occur in the import process, it is possible that no data will be imported. This can result in an
empty import group in the Import Sources tree. Once you fix the problems, you can rerun the import.
Importing from an LDAP Directory
The EPICenter Grouping Manager supports importing groups, users, and hosts from a LDAP directory.
The import process uses a TCL script to extract the requested data from the LDAP directory, and create
a text file that specifies how the resources should be added to the EPICenter database. This file is in the
same format as the import file discussed in “Importing from a File” on page 228.
The import process uses an import specification file that defines the following:
• The information you want to extract from the directory.
• How to map that data to groups, resources, and attributes in the EPICenter Grouping module.
The specification file must be named LDAPConfig.txt, and must reside in the EPICenter user/import
directory.
You can use the LDAPConfig.txt file provided in the EPICenter user/import directory as a template.
You should only need to modify three lines in this file:
host: the name of the host where the directory resides.
user: the username, if required, to allow access to the directory.
password: the password, if required, to allow access to the directory.
NOTE
The information below is provided as an aid to importing data from LDAP directories with schemas that
differ from the template provided.However, Extreme Networks cannot provide support for modifications
to the template file other than the three changes mentioned above.
EPICenter Software Installation and User Guide
227
The Grouping Manager
If your LDAP directory is organized differently, you can modify the LDAPConfig.txt file to meet your
individual needs. This requires that you understand the organizational structure of the directory from
which you want to import data.
The LDAPConfig.txt file must include the following entries:
base: specifies the LDAP naming context. Leave this blank to use the default LDAP naming context.
This is required.
attributes: specifies the attributes that you want to import into the EPICenter database from
entries in the LDAP directory. By default, all imported attributes are considered type Generic.You
can specify an EPICenter attribute type (Generic, IP/subnet, or Netlogin ID) by enclosing both the
attribute name and the EPICenter attribute type in curly brackets, as shown: {uid {Netlogin ID}}.
This is required.
uniqueID: specifies the attribute that should be used in the EPICenter database as the ID for this
resource. This is required.
scope: the scope of the search (base, sub, one). This is required.
groupBy: the attribute that should be used to create EPICenter sub-groups within the imported
group structure. This is optional.
memberNameAttribute: the attribute that should be used to define the child entry in a group.
resourceName: the attribute that should be used as the displayed name of the resource within the
EPICenter Grouping Manager. This is required.
filterList: defines the search criteria. Because of the limits on the amount of data that a search
will return in one operation, you may need to split your search into multiple operations, as is done
in the example file. This is required.
objectClassMapping: this maps an LDAP entry to a Grouping Manager resource type based on the
object class of the entry. You will need multiple entries of this type. The name-value pair contains the
EPICenter resource type on the left, and either the LDAP object class specification or an EPICenter
resource type of the right.
For example, the following line specifies that entries whose object class is “organizationalPerson”
should be imported as user resources.
objectClassMapping: user=organizationalPerson person Top
The following line specifies that user resources can be group members.
objectClassMapping: groupmember=user
At least one mapping specification is required. You can comment out resource types that you don’t
need to use in the sample file, or leave them. They will be ignored if not defined.
Importing from a File
To import data from a text file, you define the resources you want to import in a tab-delimited text file.
The elements on each line are separated by tabs.
The Import File Format
The simplest way to create this file is to enter it in a spreadsheet program such as Microsoft Excel, and
then export it as tab-delimited text.
The elements on each line are separated by tabs.
228
EPICenter Software Installation and User Guide
Importing Resources
Format Definitions.
The first three lines are required. They define the format of the data that follows. The first three lines
are:
#SYNTAX VERSION:1.0
Resource_UniqueName <tab> Resource_Type <tab>Resource_Name [<tab> attribute ... ]
<tab> <tab> <tab> (<attribute_type>) [<tab> (<attribute_type>) ...]
The first line simply defines the version of the import syntax:
#SYNTAX VERSION:1.0
Enter this exactly as specified.
The second line defines the mapping of the data in the file to EPICenter resources:
Resource_UniqueName <tab> Resource_Type <tab> Resource_Name [<tab> attribute ... ]
• The first three items are required,
— Resource_UniqueName specifies that the first field maps to the unique ID.
— Resource_Type specifies that the second field defines the resource type (user, host, group, device,
or port).
— ResourceName specifies that the third field maps to the resource name. This is the name that will
appear as the name of the resource in the Grouping Manager.
• The remaining items on the line define the attributes that can be included for each resource. The
names you specify here will be used as the attribute names in the Grouping Manager.
The third line defines the type of each attribute (Generic, IP/subnet, or Netlogin ID).
<tab> <tab> <tab> (<attribute_type>) [<tab> (<attribute_type>) ...]
Each type specifier must be enclosed by parenthesis, and separated from the preceding type specifier by
a tab. Three tabs must precede the first type specifier.
• The items in this line define the type of each attribute defined in line two. You must include a type
specification for every attribute included in line two.
• The first three items in line two do not require a type (as they are predefined). You skip these by
including the three tabs before the first type specifier.
Resource Definitions.
The remaining lines in the first section define the resources to be imported. Each resource must include
the uniqueID, the resource type, and a name. Attribute values are optional, and will be assigned in the
order presented on the line (separated by tabs). These lines are formatted as follows:
uniqueID1 <tab> <resource_type> <tab> resource_name1 <tab> {attribute <tab> ... }
uniqueID2 <tab> <resource_type> <tab> resource_name2 <tab> {attribute <tab> ... }
...
uniqueIDn <tab> <resource_type> <tab> resource_nameN <tab> {attribute <tab> ... }
• uniqueID will be used as the resource’s unique name. It can be the same or different from the
resource name. For a device, the uniqueID must be the device IP address. For a port it is the IP
address of the device followed by the port number.
• resource_type can be user, host, group, device, or port.
• resource_name is the name that will be displayed as the name of the resource.
EPICenter Software Installation and User Guide
229
The Grouping Manager
• attribute defines the value of the attribute that corresponds to this position in the list.
The combination of uniqueID and resource_type must be unique within this section. Duplicate
definitions generate a warning.
For example, assume the following format definition at the beginning of the import file:
Resource_UniqueName Resource_Type Resource_Name
Location Department
RoomNo
To create a user resource named Judy Jones, with three attributes:
— Location, whose value is Denver
— Department, whose value is Sales
— RoomNo whose value is 3050
Enter a resource definition as follows:
judy user
Judy Jones
Denver
Sales
3050
You cannot use the Import function to create new device or port resources. You can import attributes for
device and port resources, and define relationships for them. The device and port resources must
already exist in the EPICenter database, and the names you specify must match their names in the
database.
See “Resource Details,” on page 209 for more information on the components of a resource.
Group and Relationship Definitions.
The second part of the file defines the relationships between the resources—both group membership
and relationships between the resources themselves (see “Adding Relationships to a Resource,” on
page 216 for more information about relationships).
The #GROUPS# specification is required, even if you do not define any groups.
#GROUPS#
Each line in this section has the following form:
<resource_type>:<resource_uniqueID> <tab> <resource_type>:<resource_uniqueID>
<resource_type>:<resource_uniqueID> <tab> <resource_type>:<resource_uniqueID>
• resource_type can be user, host, group, device, or port. A group that exists in the EPICenter
database (and is not defined in the import file) can be specified as a child of an imported group, but
the reverse is not supported.
• resource_uniqueID is the unique ID defined in the first part of the file (or known to exist already in
the EPICenter database).
For creating group membership relationships, the first type:ID pair defines the parent, the second one
defines the child. Thus, the first pair must always be a group. The second pair can be a group or an
individual resource.
For defining peer-to-peer relationships, (user-host, user-port, and host-port relationships) either member
of the relationship can be specified first.
230
EPICenter Software Installation and User Guide
Importing Resources
Example
The following is an example of an import file.
#SYNTAX VERSION:1.0
Resource_UniqueName Resource_TypeResource_Name IP Address DLCS OSType
Dept
(IP/Subnet)(DLCS ID)(Generic)(Generic)
wendy
user
Wendy Lee
NMS
heidi
user
Heidi Smith
NMS
pam
user
Pam Johnson
SQA
eric
user
Eric Wilson
SQA
mary
user
Mary Baker
NMS
win2k
host1
host2
host3
host4
host
host
host
host
host
win2k
host1
host2
host3
host4
ugr1
ugr2
hgr1
dgr1
switch
portgr
group
group
group
group
group
group
SQA
dev
hostgr1
eng1
switch
portgr
#GROUPS#
group:ugr1
group:ugr1
group:ugr1
user:wendy
user:heidi
user:mary
group:ugr2
group:ugr2
user:pam
user:eric
group:hgr1
group:hgr1
group:hgr1
host:win2k
host:host1
host:host2
group:dgr1
group:dgr1
host:host3
host:host4
10.20.30.2
10.20.30.4
10.20.30.5
10.20.30.6
10.20.30.7
wlee
windows
HPUX
Solaris
windows
Solaris
NMS
NMS
NMS
SQA
SQA
## Host to User Relation
user:wendy
host:win2k
user:heidi
host:host1
user:mary
host:host2
host:host3
user:pam
host:host4
user:eric
EPICenter Software Installation and User Guide
231
The Grouping Manager
Importing from an NT Domain Controller or NIS Server
Importing from an NT Domain Controller or NIS server is straightforward. The import is always done
from the Domain Controller or NIS server that is serving the domain for the system running the
EPICenter server. The type of system you are running will determine where the EPICenter server looks
for the information.
In order to import information from an NT Domain Controller, the EPICenter server must be running
with the appropriate user permissions in order to extract the information from the Domain Controller.
NOTE
If you import information from an NT Domain Controller, that information will become visible to all
EPICenter user. If this is a security concern, you may want to consider exporting information from the
NT Domain Controller to a file, and using that to create an import file that contains only the information
that you want to be visible through EPICenter Grouping Manager.
The import process imports the following information:
• For users: username, fullname, description.
• For hosts: hostname, description, Primary IP address.
• For groups (users only): name, description, usernames of members.
The import process creates a file, import.txt, in the user/import subdirectory.
232
EPICenter Software Installation and User Guide
9
Using the IP/MAC Address Finder
This chapter describes how to use the IP/MAC Address Finder applet for:
• Creating search requests for locating specific MAC or IP addresses on the network, and determining
the devices and ports where they are located.
• Creating search requests to identify MAC and IP addresses on specific devices and ports.
Overview of the IP/MAC Finder Applet
Using the IP/MAC Address Finder applet you can specify a set of Media Access Control (MAC) or
Internet Protocol (IP) network addresses, and a set of network devices to query for those addresses. The
applet returns a list of the devices and ports associated with those addresses. You can also specify a set
of devices and ports, and search for all MAC and IP addresses known to those devices and ports.
The Search Tool lets you configure and start a search task, view the status of the task, and view the task
results. The task specification and results are kept in the task list until you delete them, or until you log
out of the EPICenter client.
When you click the Find IP/MAC button in the Navigation Toolbar, the main IP/MAC Address Finder
page is displayed as shown in Figure 99. Initially there are no search requests displayed.
EPICenter Software Installation and User Guide
233
Using the IP/MAC Address Finder
Figure 99: IP/MAC Address Finder main page
ExtremeWare Software Requirements
The IP/MAC AddressFinder applet requires certain versions of ExtremeWare to be running on your
Extreme Networks switch in order to retrieve data from an IP address or MAC address search task.
Table 7 lists versions of ExtremeWare and whether or not they are currently supported by the IP/MAC
address applet.
Table 7: ExtremeWare Requirements for Using the IP/MAC Address Applet
ExtremeWare Version
Requirements
2.x through 6.1.4
Fully supported using the dot1dTpFdbTable.
6.1.5
Not supported.
6.1.6 through 6.1.9
Supported using the using the dot1dTpFdbTable. Use the enable snmp
dot1dTpFdbTable command to enable the dot1dTpFdbTable on the switch.
6.2 and above
Fully supported using a private MIB.
Tasks List Summary Window
As search tasks are initiated, they are placed in the Find Address Tasks List in the Component Tree.
Selecting the Find Address Tasks folder in the Component Tree displays a summary of the status of the
tasks in the Task List (see Figure 100).
234
EPICenter Software Installation and User Guide
Tasks List Summary Window
Figure 100: Tasks List summary
The Tasks List shows you basic information about the tasks you set up:
• ID is automatically assigned by the EPICenter server
• Name is the name you gave the task when you created it. Giving a task a unique name is important
to distinguish it from other tasks in the Tasks List
• Type is the type of search this will perform. In EPICenter release 4.1, this is always Find Addresses
• Status shows the status of the request
• Date Submitted shows the date and time the task was submitted
• Date Completed shows the date and time the task was finished
From the Tasks List you can perform the following functions:
• Select a Pending task and click Cancel to cancel the task before it has completed
• Select a task and click Delete to delete an individual task. This deletes the task specification as well
as the task results. Once a task has completed, it cannot be rerun unless it is the most recent task
completed
• Select a task and click ReRun to execute the task again
• Select a task and click Clone to bring up the Find Addresses window with the specifications of the
selected task already displayed
• Select a task and click Export to export the task details to a text file. See “Exporting Task Results to a
Text File” on page 240 for more information.
• Select a task and click Export Local to export the task details locally to a text file on your client
system. You can only use this feature if you are running the stand-alone client on your local system.
If you are using the browser-based client, this button will be greyed out. See “Exporting Task Results
to a Text File” on page 240 for more information.
EPICenter Software Installation and User Guide
235
Using the IP/MAC Address Finder
NOTE
The specified tasks and their search results persist as long as you are running the EPICenter client,
even if you leave the IP/MAC Address Finder applet and go to another EPICenter applet. However,
when you exit the EPICenter client, all the task specifications and search results are deleted.
Creating a Search Task
To create a search task, click the Find button
in the tool bar at the top of the IP/MAC Address
Finder page. This displays the Find IP and MAC Addresses window (Figure 101).
NOTE
If you have already submitted a task, the most recent task with its specifications is displayed in the Find
Addresses window.
Figure 101: Find IP and MAC Addresses window
236
EPICenter Software Installation and User Guide
Creating a Search Task
To create a search task:
1 Enter the task name in the Task Name field. This name helps you identify the task in the Find
Address Tasks List. Names of the form Task1, Task2 and so on are provided by default.
2 Define the search targets: in the Enter an Address group box, select either IP or MAC to determine
the format of the address to search for, and enter the address into the fields provided. Click the Add
Address button to add the address to the Addresses to Find list.
— To find all addresses in the given search domain, click All in the Enter an Address group box,
then click the Add Address button to add All to the to Addresses to Find list
Note that All is added to the search list in addition to any individually-specified addresses. The
All specification does overlap with the other target addresses. However, this allows the user to
remove the All specification without losing the other addresses in the search list.
— Click the WildCard button to search for a MAC address defined only by the first three
hexadecimal tuples.
The first three hexadecimal tuples in a MAC address are assigned to vendors, such as Extreme
Networks, and they are vendor specific. The wildcard feature allows you to find all MAC
addresses coming from a particular vendor.
— Click the Remove Address button to remove an address from the list
3 Define the search domain. The Target Domains list specifies the scope of the devices to be included
in the search. Devices not included in this domain will not be searched.
You can define the search space in several ways:
— Devices lets you select individual devices to include in the search
— Device Groups lets you search all the devices in a specified device group
— Ports lets you select individual ports to include in the search
— PortGroups lets you search all the devices in a specified port group
You can create a target domain that includes a combination of these specifications.
NOTE
The IP/MAC Finder applet does not support hierarchical port groups. If you have created port groups
in the Grouping Manager that include subgroups as members, the subgroups will not appear in the
Target Domains list. Instead, any ports that are members of subgroups will be displayed directly
under the top-level port group, as if they are members of the top-level group.
4 If you select Devices or Ports as the Source Type, you must also select a Device Group from the
Select Group field to define the list of devices that will appear in the Devices list. If you select
Domains or PortGroups, this field well be inactive.
5 Select the Device, Port, Device Group, or Port Group that you want to search and click the Add
button to move it into the Target Domains list.
To remove a member of the Target Domains list, select the item in the list and click Remove. To clear
the Target Domains list, click Remove All.
6 Define the search type. From the Search Type field, select Network to perform a search from the
network or DataBase to perform a search from the EPICenter database using the collected edge port
information.
If you perform a network search, EPICenter reports unreachable devices. If you perform an
EPICenter database search, EPICenter does not report unreachable devices.
EPICenter Software Installation and User Guide
237
Using the IP/MAC Address Finder
7 When you have completed your search specification, click the Submit button at the bottom of the
window to initiate the search.
The IP/MAC Finder applet searches the IP Address Translation Table (the ipNetToMediaTable) in each
device agent for IP addresses, and the Forwarding Database (FDB) for MAC addresses.
NOTE
The IP/MAC Finder applet will not identify a device’s own IP address when you search for IP addresses
on that device. In other words, the applet will not find IP address 10.2.3.4 on the switch whose address
is 10.2.3.4. It can only find addresses that are in the agent’s IP Address Translation table, and a
device’s own address is not included in the table. The applet will find the address on the other switches
that have connectivity to the switch with the target IP address, however.
NOTE
Each search task can return a maximum of 2,000 MAC address entries. If a search returns more than
2,000 entries, a warning message is displayed in the status window. If you see a warning message, add
additional search constraints to reduce the number of returned MAC addresses to less than 2,000.
Detailed Task View
When you initiate a search, the task is placed in the Find Address Tasks list in the Component Tree. The
main panel displays the Detailed Task View for the current search task (see Figure 102).
Figure 102: Search in progress
238
EPICenter Software Installation and User Guide
Detailed Task View
While the task is in progress, the window shows the status as Pending. When the search is complete,
the Detailed Task View shows the results for the search (Figure 103).
Figure 103: Address search results in the Detailed Task view
The Detailed Task View shows the following information about your search.
• Task Name is the name you gave the task when you created it. Giving a task a unique name is
important to distinguish it from other tasks in the Tasks List
• Status shows the status of the request
• Submitted shows the date and time the task was submitted
• Completed shows the data and time the task was finished
The Search Criteria areas shows:
• The list of IP or MAC addresses that were the object of the search
• The Search Domains where the search took place. The Search Domains lists shows the name and
type (Device or Group) of the components of the domain specification
EPICenter Software Installation and User Guide
239
Using the IP/MAC Address Finder
The Search Results list shows the results of the search. For every address successfully located, this list
shows:
• Both the MAC address and the corresponding IP address.
• The switch and port to which the address is connected.
• The User (name) currently logged in at that address.
Once the search is complete, the search results will stay in the Tasks List until you explicitly delete them
using the Delete Function from the Tasks List Summary View, or until you exit the EPICenter client.
From the Task Detail window you can do the following:
• Click Delete to delete this task. This deletes the task specification as well as the task results.
• Click ReRun to execute the task again.
• Click Clone to bring up the Find Addresses window with the specifications of the selected task
already displayed.
• Click Export to export task search results to a text file on the server machine. See “Exporting Task
Results to a Text File” on page 240 for more information.
• Click Export Local to export task search results locally to a text file on your client system. You can
only use this feature if you are running the stand-alone client on your local system. If you are using
the browser-based client, this button will be greyed out. See “Exporting Task Results to a Text File”
on page 240 for more information.
The text field is located above the Delete, ReRun, Clone, and so on, action buttons. It provides search
status details, such as a list of devices that are offline or not reachable.
Exporting Task Results to a Text File
You can export a task’s detail results or search results to a text file. You can do this from the Tasks List.
To export the detail or search results to a file, do the following:
1 From the Detailed Task View, click the Export button if you are running the browser-based client.
Click the Export Local button if you are running the stand-alone client and you want to save the file
locally.
If you select Export, the Export pop-up dialog is displayed.
If you select Export Local, the Save dialog is displayed.
2 Enter a file name and subdirectory name in the fields provided.
If you select Export:
— Detail and search result files for a task are saved in the EPICenter user/AddressFinderResults
directory, which is a subdirectory of the EPICenter installation directory. You can optionally
specify a subdirectory within the AddressFinderResults directory by entering the subdirectory
name into the Directory field.
— By default, a search result exported file will be given a name created from the current date, time,
and task name. For example, the results for task “Task 2” run on April 25, 2001 at 3:52 pm will be
saved in a file named 2001_4_25_1552_Task 2.txt. You can change the file name by replacing
the name in the File Name field.
240
EPICenter Software Installation and User Guide
Detailed Task View
If you select Export Local:
— Detail and search result files for a task are saved by default in the WINNT\Profiles\user
directory on Windows systems or your local home directory on Solaris systems. You can also
choose to save the file in a different location in the Save dialog.
3 Click the Apply button to save the results.
Click Reset to clear all the fields.
Click Close to close the dialog without saving the file.
EPICenter Software Installation and User Guide
241
Using the IP/MAC Address Finder
242
EPICenter Software Installation and User Guide
10 Using ExtremeView
This chapter describes how to use ExtremeView for:
• Viewing Extreme and third-party device status.
• Viewing and setting Extreme device configuration information using the ExtremeWare Vista
graphical user interface.
• Viewing Extreme device statistics using the ExtremeWare Vista graphical user interface.
Overview of the ExtremeView Application
The ExtremeView applet displays information about the status of Extreme switches (Summit, Alpine,
and Black Diamond switches) and third-party devices managed by EPICenter. Any EPICenter user can
view status information about these network devices. Users with Administrator or Manager access can
view and modify configuration information for those switches through the ExtremeWare Vista graphical
user interface.
ExtremeWare Vista is device management software running in a Summit, Alpine, or Black Diamond
switch. It allows you to access the switch over a TCP/IP network using a standard Web browser, and
provides a set of pages for configuring and monitoring the Summit or Black Diamond switch.
NOTE
You must have a user account on the Extreme switch to run ExtremeWare Vista on the switch. A user
account on a switch is separate from an EPICenter user account.
When you click the EView button in the Navigation Toolbar, the main ExtremeView page appears as
shown in Figure 104.
EPICenter Software Installation and User Guide
243
Using ExtremeView
Figure 104: The ExtremeView applet, main page
Use the tabs in the Component status/detail panel as follows:
• Status displays status information for the devices known to EPICenter. You can view summary
status for the devices within a device group. You can view status and configuration information for
individual devices, slots, and ports through a front panel view accompanied by a table of
configuration and status information. Select a device subnode under a Device Group name node to
view configuration information for the device.
• Configuration displays configuration information for Extreme Networks switches based on the
configuration categories in ExtremeWare Vista. You can view summary configuration information for
all devices in a device group known to EPICenter, as well as detailed configuration information for
individual Extreme Networks switches, organized by ExtremeWare Vista configuration categories.
Individual third-party devices cannot be accessed through this feature.
• Statistics displays monitoring results for Extreme Networks switches, also based on ExtremeWare
Vista statistics monitoring categories. You can view summary statistics that include active and
inactive port counters for all Extreme Networks devices—in a specific device group—known to
EPICenter, or statistics for individual Extreme Networks switches. Individual third-party devices
cannot be accessed through this feature.
Viewing Device Status Information
Select the Status tab in the ExtremeView applet to display the Status window. The Status window
displays a summary of all of the device groups known to EPICenter, as shown in Figure 105.
244
EPICenter Software Installation and User Guide
Viewing Device Status Information
Figure 105: The ExtremeView applet, Status window
To show summary status for the devices in a Device Group, select a Device Group name from the
Component Tree on the left (see Figure 106).
Figure 106: The ExtremeView applet, device group status
EPICenter Software Installation and User Guide
245
Using ExtremeView
The following status information is displayed:
• The status “lights” show the status of the device as detected by EPICenter.
Table 8: ExtremeView Device Status Indicators
Status Light
Green
Yellow
Grey
Red
Device Status
Device is up and OK
Device is responding, but reports an error condition such as a fan or power supply failure,
or excessive temperature
Device is offline. EPICenter cannot communicate with the device. You can create
references to the device for alarms, policy, groups, device groups, RMON thresholds, and
so on. The network state of the device, including port status, ESRP, configured VLANs,
STP, and so on, is preserved when the device comes online.
Device is not responding to EPICenter status queries. This may mean that the switch is
down, that it is unreachable on the network, or that the SNMP community strings have
changed and EPICenter can no longer contact the switch.
• The name, type of switch, IP address, the ExtremeWare software version, and the last reboot time are
retrieved from the device by EPICenter.
Select a device in the Component Tree on the left to display detailed configuration and status
information, as shown in Figure 107. This display shows additional information that EPICenter has
gathered from the switch agent.
Figure 107: The ExtremeView applet, switch status
246
EPICenter Software Installation and User Guide
Viewing Device Status Information
This view shows an active graphical display of the switch front panel, as well as a panel of status
information.
You can view the status of individual modules (slots), ports, and power supplies (where shown), as
shown in Figure 108, in two ways:
• Select the slot, port, or power supply by clicking the cursor on the item in the switch image.
• Display the list of slots or ports in the Component Tree, and select the element about which you
want status information.
NOTE
The Component Tree does not display the empty slots in a device.
Figure 108: The ExtremeView applet, port status
Selected port
The right-hand panel displays status information about the selected port
There are a few Extreme devices, such as the Summit24e2T, Summit24e2X, and Summit Px1 switches, on
which the ports are not selectable through ExtremeView. In these cases, the ifIndex entries for the device
are displayed in the Device Information panel on the right.
Third-party Device Status
If the device you select is a third-party device, and EPICenter does not have an image for the specific
model, it displays a generic device image (a vendor-specific image if possible, but without
model-specific details). If there is no configuration file for the device, and it is being managed by the
EPICenter, the ifIndex entries for the entire device are displayed in the Device Information panel on the
right. Figure 109 shows a third-party device with an unknown configuration.
EPICenter Software Installation and User Guide
247
Using ExtremeView
Figure 109: A third-party device with unknown configuration
The port type is ethernet-csmacd(6) by default. However, some devices may support other port types.
For example, some 3Com devices support a layer 3 module which is of type other(1).
As Extreme Networks continues to develop additional device images, they will be made available on
Extreme Networks’ support web site at:
www.extremenetworks.com/services/software/epicenter.asp
under the the Patches section. You can also contact your Extreme Networks sales representative or
reseller if you would like help from Extreme’s Professional Services organization for creating images or
configuration files for specific devices.
Viewing Switch Configuration Information
Select the Configuration tab in the ExtremeView applet to display the Configuration window. The
Configuration window displays a summary of all of the device groups known to EPICenter, as shown
in Figure 110.
248
EPICenter Software Installation and User Guide
Viewing Switch Configuration Information
Figure 110: The ExtremeView applet, Configuration window
To show a configuration summary for the Extreme Networks switches in a device group, select a device
group name from the Component Tree on the left (see Figure 111).
EPICenter Software Installation and User Guide
249
Using ExtremeView
Figure 111: The ExtremeView applet, Configuration summary
The sub-components under the device group name in the Component Tree are the devices that are
members of the device group. Select a device, slot, or port from the Component Tree on the left to
display the categories of configuration information that are available through this applet for the selected
device, as shown in Figure 112.
250
EPICenter Software Installation and User Guide
Viewing Switch Configuration Information
Figure 112: The ExtremeView applet, ExtremeWare Vista summary
The categories in the Configuration window correspond to pages from the ExtremeWare Vista
application running on the switch. Select one of the categories to view the configuration settings for that
switch in the category you have chosen.
As shown in Figure 113, this displays the current switch configuration, and provides an interface
through which you can change the configuration.
EPICenter Software Installation and User Guide
251
Using ExtremeView
Figure 113: The ExtremeView applet, Configuration details
Enter your changes directly into the editable fields in the configuration display. When you have made
the necessary configuration changes, click Submit to send these to the switch for implementation.
252
EPICenter Software Installation and User Guide
Viewing Switch Statistics
Viewing Switch Statistics
Select the Statistics tab in the ExtremeView applet to display the Statistics window. The Statistics
window displays a summary of all of the device groups known to EPICenter, as shown in Figure 114.
Figure 114: The ExtremeView applet, Statistics window
To show summary statistics for Extreme switches in a device group, select a device group name from
the Component Tree on the left (see Figure 115).
EPICenter Software Installation and User Guide
253
Using ExtremeView
Figure 115: The ExtremeView applet, device group statistics
The sub-components under the device group name in the Component Tree are the devices that are
members of the device group. Select a device from the Component Tree on the left to display the
categories of statistical information that are available through this applet for the selected device, as
shown in Figure 116.
Figure 116: The ExtremeView applet, ExtremeWare Vista statistics
254
EPICenter Software Installation and User Guide
Finding Devices
The categories in the Statistics window correspond to pages of information from the ExtremeWare Vista
application running on the switch. Select one of these categories to to view the configuration settings for
that switch in the category you have chosen.
This displays the selected set of statistics for the selected switch. For some types of statistics, you may
be able to view the data in different ways through the use of view options or filters, such as the options
shown in Figure 117.
Figure 117: The ExtremeView applet, Statistics details
Finding Devices
You can search for a device in the EPICenter database by name, by IP address, or by type of device. This
may be useful if you have a large number of devices in your inventory.
To search for a device, follow these steps:
1 Click Find at the top of the ExtremeView applet page.
2 Enter your search criteria:
You can search for devices by name or by IP address. You can limit the search to a specific domain,
or to a specific type of Extreme device. Search criteria can include:
— A device name. Click the Device Name button, and enter a complete or partial name in the
Search: field.
— An IP address. Click the IP Address button and enter a complete or partial IP address in the
Search: field. You can use the wild card characters * or ? in your search criteria.
* acts as a wildcard for an entire octet (0-255)
? is a wildcard for a single digit (0-9)
EPICenter Software Installation and User Guide
255
Using ExtremeView
— A domain. Select the domain from the drop-down menu in the domain field. If you do not
specify a name or IP address in the Search field, all devices in the domain you select will be
found.
— A device type. Select the device type from the drop-down menu in the type field. If you do not
specify a name or IP address in the Search field, all devices of the type you select will be found.
3 Click Find to search for devices that meet the criteria you have specified. All devices found are listed
in the center panel. Information includes the domain in which the device can be found, its name, IP
address, and the type of device.
4 Double-click on a device in the results table to highlight the device in the Component Tree, or select
a device in the results table and click Go To, to display the associated front panel view and status
information for that device (see “Viewing Device Status Information” on page 244). If you click Go
To, the search window will close.
5 Click New Search to clear all search criteria.
6 Click Close to close the search window.
Viewing Device Information from Pop-up Menus
You can select a device group, a device, a slot, or a port in the Component Tree, then right-click to
display a pop-up menu that contains the Properties command. The Properties command displays the
attributes for a specific device group, device, slot, or port. The device pop-up menu also contains the
Alarms, Browse, Statistics, Sync, Telnet, and VLANs commands. All of these commands perform the
same functions as the applets in the Navigation Toolbar to the left of the page, but with the appropriate
device displayed.
Properties
The Properties function lets you view the attributes for a selected device group, device, slot, or port.
Device Group
To view the Properties display for all device groups:
• Right-click on the Device Groups component, then select Properties from the pop-up menu that
appears
The Device Groups Properties window appears and displays the number of device groups and the
names of the device groups that are known to EPICenter.
To view the Properties display for a selected device group:
• Right-click on the device group, then select Properties from the pop-up menu that appears
The Device Group Properties window appears and displays the attributes for the selected device group.
See “Device Group Properties” on page 259” for details on using this feature.
Device
To view the Properties display for a selected device:
• Right-click on the device, then select Properties from the pop-up menu that appears
256
EPICenter Software Installation and User Guide
Viewing Device Information from Pop-up Menus
The Device Properties window appears and displays the attributes for the selected device.
See “Device Properties” on page 259 for details on using this feature.
Slot
To view the Properties display for a selected slot:
• Right-click on the slot, then select Properties from the pop-up menu that appears
The Slot Properties window appears and displays the attributes for the selected slot.
See “Slot Properties” on page 260 for details on using this feature.
Port
To view the Properties display for a selected port:
• Right-click on the port, then select Properties from the pop-up menu that appears
The Device Port Properties window has two tabs at the top of the window:
• Port — The Port tab displays the attributes for the selected port.
See “Port Properties” on page 263 for details on using this feature.
• Network Login/802.1x — The Network Login/802.1x tab lists the Network Login/802.1x
information about each user connected to the port.
For more details about the Network Login/802.1x tab, see Chapter 4, “Using the Inventory
Manager.”
Alarms
The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to
show the alarms for the selected device.
To view the Alarms display for a selected device:
• Right-click on the device, then select Devices -> Alarms from the pop-up menu that appears
This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log
Browser and displays the alarms for the selected device.
See Chapter 5 for details on using this feature.
Browse
The Browse function runs the ExtremeWare Vista switch management interface for the selected device.
To run ExtremeWare Vista for a selected device:
• Right-click on the device, then select Devices -> Browse from the pop-up menu that appears
This starts the ExtremeWare Vista login page in a new web browser window.
Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista.
EPICenter Software Installation and User Guide
257
Using ExtremeView
Statistics
The Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics for the
selected device.
To view the Device Statistics display for a selected device:
• Right-click on the device, then select Devices -> Statistics from the pop-up menu that appears
This starts the Real-Time Statistics applet in a new window and displays port statistics for the selected
device.
See Chapter 11 for details on using this feature.
Sync
Sync is a manual update of the regular data gathering mechanisms. Use Sync when you think that the
device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to
poll the switch and update all configuration and status information.
To launch the synchronization procedure for a selected device:
• Right-click on the device, then select Sync from the pop-up menu that appears.
This starts the Sync procedure for the selected device.
See Chapter 7 for details on using this feature.
Telnet
The Telnet function opens an EPICenter telnet window that is connected to the selected device.
To open a telnet session for a selected device:
• Right-click on the device, then select Devices -> Telnet from the pop-up menu that appears
This starts a telnet session for the device in a new window.
See Chapter 7 for details on using this feature.
VLANs
The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently known to
the EPICenter database.
To view the VLANs for a selected device:
• Right-click on the device, then select Devices -> VLANs from the pop-up menu that appears
This starts the VLAN applet in a new window and displays the VLANs currently know to the
EPICenter database.
See Chapter 13 for details on using this feature.
258
EPICenter Software Installation and User Guide
Displaying Properties
Displaying Properties
You can view the properties of a device group, device, slot, or port in the EPICenter database. This
section describes how to view properties through the ExtremeView applet.
Device Group Properties
You can view summary information for all device groups, or view information about individual device
groups.
To view summary information for all device groups, right-click on the Device Groups component and
select Properties from the pop-up menu.
The Device Groups Properties window appears, showing the All Device Groups display. This displays a
list of the current device groups and their descriptions. For more details about this display, see
Chapter 4.
You can also view properties for a specific device group. To view properties for a specific device group,
right-click on a device group and select Properties from the pop-up menu.
The Device Group Properties window appears, showing information about the selected group. This
includes the group description, the number of devices in the group, and a list of the devices. For more
details about this display, see Chapter 4.
Device Properties
To view properties for a device, right-click on a device in the Component Tree and select Properties
from the pop-up menu that appears.
The Device Properties window has five tabs at the top of the window:
• Device
• VLAN
• STP
• Network Login/802.1x
• Syslog Messages
Each tab displays the name of the device and a status “light” which shows the status of the device as
detected by EPICenter.
The Device Tab
The Device tab displays information about the device such as its IP address, MAC address, and boot
time. The main section of the window presents the same information you can view in the Inventory
Manager for the device. If the device is an Extreme device, the ExtremeWare software running in the
switch provides comprehensive status information.
The VLAN Tab
The VLAN tab lists the VLANs configured on the device.
EPICenter Software Installation and User Guide
259
Using ExtremeView
The STP Tab
The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more
than one entry per STPD if the domain includes multiple VLANs.
The Network Login/802.1x Tab
The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected
to the device.
The Syslog Messages Tab
The Syslog Messages tab lists information about each Syslog Message received from the device.
Slot Properties
To view slot properties, do the following:
1 From the Component Tree, click on the plus sign of a modular device to display the slots for that
particular device.
2 Right-click on a slot and select Properties from the pop-up menu that appears. The Device Slot
Properties window appears. The information displayed in this window depends on whether the
module requires additional software to be installed.
For modules that do not require a special version of ExtremeWare to be installed, the Device Slot
Properties window appears, as shown in Figure 118.
Figure 118: Device Slot Properties window for modules that do not require additional software
260
EPICenter Software Installation and User Guide
Displaying Properties
For these modules, the Device Slot Properties window displays two tabs:
• Slot
• Network Login/802.1x
The Slot tab displays the following information:
• Slot Name—The number, or letter, of the slot where the module is installed
• Configured Type—The type of module that is configured for the slot
• Inserted Type—The type of module that is inserted into the slot
• Module State—The operational state of the module
• Serial Number—The serial number of the module
For modules that require a special version of ExtremeWare to be installed, the Device Slot Properties
window appears, as shown in Figure 119.
Figure 119: Device Slot Properties window for modules that require additional software
For these modules, the Slot tab of the Device Slot Properties window displays the following
information:
• Slot Name—The number, or letter, of the slot where the module is installed
• Configured Type—The type of module that is configured for the slot
• Inserted Type—The type of module that is inserted into the slot
• Module State—The operational state of the module
• Serial Number—The serial number of the module
EPICenter Software Installation and User Guide
261
Using ExtremeView
• Description—A description of the module that is inserted into the slot
• Primary Version—The primary ExtremeWare software image running on the module
• Secondary Version—The secondary ExtremeWare software image running on the module
• Current Version—The current ExtremeWare software image running on the module
• BootROM Version—The current BootROM image running on the module
• Module Processor State—The operational state of the General Processor and the Network
Processor(s) in the module.
NOTE
The Component Tree does not display the empty slots in a device.
To view Network Login/802.1x information, click the Network Login/802.1x tab, as shown in
Figure 120.
Figure 120: Network Login/802.1x tab of Device Slot Properties window
The Network Login/802.1x tab lists the following Network Login/802.1x information about each
user connected to the slot:
• Port—The port on the device on which the user is logged in.
• User Name—The name of the user.
• IP Address—The IP address of the user’s host.
• Login Type—The login type, either network login or 802.1x.
• MAC Address—The MAC address of the user’s host.
262
EPICenter Software Installation and User Guide
Displaying Properties
• VLAN—The VLAN to which the port belongs.
Port Properties
To view port properties, do the following:
1 From the Component Tree, click on the plus sign of a device.
For a non-modular device, this displays the ports for that particular device.
For a modular device, this displays the slots for that particular device. Click on the plus sign of a
slot to display the ports for that particular device.
2 Right-click on a port and select Properties from the pop-up menu that appears.
The Device Port Properties window appears, as shown in Figure 121.
Figure 121: Device Port Properties window
EPICenter Software Installation and User Guide
263
Using ExtremeView
The Device Port Properties window has two tabs:
• Port
• Network Login/802.1x
The Port tab displays the following information:
• Port Number—The number of the port
• Configured Type—The type of port
• Media—The media for a redundant port (Primary or Redundant)
• Port Enabled—Whether the port is enabled (yes) or not enabled (no)
• Actual Speed—The speed of the port
• Actual Duplex—The duplex setting of the port (Half, Full, or None )
• Load Sharing—The load sharing state of the port (On or Off)
• Uplink Status—The uplink status of the port (Uplink or Edge port)
To view Network Login/802.1x information, click the Network Login/802.1x tab, as shown in
Figure 122.
Figure 122: Network Login/802.1x tab of Device Plot Properties window
The Network Login/802.1x tab lists the following Network Login/802.1x information about each
user connected to the port:
• Port—The port on the device on which the user is logged in.
• User Name—The name of the user.
• IP Address—The IP address of the user’s host.
264
EPICenter Software Installation and User Guide
Displaying Properties
• Login Type—The login type, either network login or 802.1x.
• MAC Address—The MAC address of the user’s host.
• VLAN—The VLAN to which the port belongs.
EPICenter Software Installation and User Guide
265
Using ExtremeView
266
EPICenter Software Installation and User Guide
11 Real-Time Statistics
This chapter describes how to use the Real-Time Statistics applet for:
• Viewing percentage utilization or total errors data for multiple ports in an Extreme Networks switch,
a switch slot, or a port group.
• Viewing historical utilization, total errors, or individual errors data for a specific port on an Extreme
Networks switch.
Overview of Real-Time Statistics
The Real-Time Statistics feature of the EPICenter software enables you to view a graphical presentation
of utilization and error statistics for Extreme Networks switches in real time. The data is taken from
Management Information Base (MIB) objects in the etherHistory table of the Remote Monitoring
(RMON) MIB. The Real-Time Statistics function is supported only for Extreme Networks switches.
NOTE
You must have RMON enabled on the switch in order to collect real-time statistics for the switch.
You can view data for multiple ports on a device, device slot, or within a port group, and optionally
limit the display to the “top N” ports (where N is a number you can configure). If you choose to view
multiple ports, the display shows data for the most recent sampling interval for the selected set of ports.
The display is updated every sampling interval.
You can also view historical statistics for a single port. If you choose to view a single port, the display
shows the value of the selected variable(s) over time, based on the number of datapoints the MIB
maintains in the etherHistory table.
You can choose from a variety of styles of charts and graphs as well as a tabular display.
EPICenter Software Installation and User Guide
267
Real-Time Statistics
You can view the following types of data:
• Percent Utilization for each port in the set (device, port group, or single port).
Percent utilization reports the value of the etherHistoryUtilization MIB object. The MIB defines this
variable as follows:
Table 9: Definition of RMON Utilization Variable Used in Port Utilization Displays
etherHistoryUtilization
The best estimate of the mean physical layer network utilization on this
interface during this sampling interval, graphed in percents.
• Total Errors for each port in the set (device, port group, or single port).
Total Errors is the sum of the six error variables shown in Table 10.
• Individual Errors for a single port.
An individual errors display shows the six variables shown in Table 10.
Table 10: Definition of RMON etherHistory Error Variables for Port Error Displays
etherHistoryCRCAlignErrors
The number of packets received during this sampling interval that had a
length between 64 and 1518 octets, inclusive (excluding framing bits but
including Frame Check Sequence (FCS) octets), but that had either a bad
FCS with an integral number of octets (FCS Error) or a bad FCS with a
non-integral number of octets (Alignment Error).
etherHistoryUndersizePkts
The number of packets received during this sampling interval that were
less than 64 octets long (excluding framing bits but including FCS octets)
and were otherwise well formed.
etherHistoryOversizePkts
The number of packets received during this sampling interval that were
longer than 1518 octets (excluding framing bits but including FCS octets)
but were otherwise well formed.
etherHistoryFragments
The total number of packets received during this sampling interval that
were less than 64 octets in length (excluding framing bits but including FCS
octets) had either a bad Frame Check Sequence (FCS) with an integral
number of octets (FCS Error) or a bad FCS with a non-integral number of
octets (Alignment Error).
etherHistoryJabbers
The number of packets received during this sampling interval that were
longer than 1518 octets (excluding framing bits but including FCS octets),
and had either a bad Frame Check Sequence (FCS) with an integral
number of octets (FCS Error) or a bad FCS with a non-integral number of
octets (Alignment Error).
etherHistoryCollisions
The best estimate of the total number of collisions on this Ethernet
segment during this sampling interval.
You can choose to have the component tree show the device name only, the device name followed by
the IP address in parentheses, or the device IP address followed by the device name in parentheses. See
Chapter 16, “Administering EPICenter” for more details about how to display the device in the
component tree.
268
EPICenter Software Installation and User Guide
Displaying Multi-port Statistics
Displaying Multi-port Statistics
When you click the RT Stats button in the Navigation Toolbar, the main Real-Time Statistics page is
displayed, as shown in Figure 123. Initially, no data is displayed—you see a message asking you to
select a device, device slot, or port group to be displayed.
The Component Tree displays the devices and port groups for which you can display statistics. An “S”
in a red circle next to a device name indicates that the device is not responding to SNMP requests. A
port group with a red-circled “S” indicates that the port group is empty.
NOTE
The Real-Time Statistics applet does not support hierarchical port groups. If you have created port
groups in the Grouping Manager that include subgroups as members, the subgroups will not appear in
the Component Tree of the Real-Time statistics applet. Instead, any ports that are members of
subgroups will be displayed directly under the top-level port group, as if they are members of the
top-level group.
Figure 123: Real-Time Statistics main page
For an individual port, you can display individual errors in addition to utilization and total errors.
• Select a network device to display data for some or all ports on the device.
• Select a port group to display data for all ports in the port group.
You will first see a message saying “Please wait, loading statistics data.” If the EPICenter server is
successful in accessing the data, utilization data is displayed as shown in Figure 124.
EPICenter Software Installation and User Guide
269
Real-Time Statistics
Figure 124: Bar chart showing port statistics for a group of ports
If you place the cursor near a bar in the chart, a pop-up window shows the port number and device,
actual data value, and the time stamp on the data sample.
You can use the mouse to change the depth and rotation of a 3-dimensional chart:
• Hold down the [Shift] key, press the left mouse button, and drag the cursor left or right to rotate the
graph.
• Hold down the [Ctrl] key, press the left mouse button, and drag the cursor up or down to set the
depth of the 3-dimensional view.
For any of the bar graphs, move the cursor and then wait to see the change take effect, which may take
a few seconds.
There are cases where you may not see data for every port you expect in a multi-port display:
• You have selected the “top N” feature (top 15 by default), so only the “N” ports with the highest
utilization or the highest total number of errors are displayed.
• RMON is disabled for some ports on the switch. If the switch as a whole can be reached and is
reporting data, then individual ports that do not report data will be ignored. No error message
appears in this case.
If the EPICenter server is not successful in loading data from the device, it displays a message similar to
that shown in Figure 125.
270
EPICenter Software Installation and User Guide
Displaying Statistics For a Single Port
Figure 125: Warning displayed when the EPICenter server cannot retrieve data
There are several reasons why the EPICenter server may not be able to display any device data:
• The EPICenter server cannot communicate with the device (indicated by an “S” in a red circle next
to the device name).
• The device does not have RMON enabled, or RMON was just recently enabled and no data samples
exist yet.
• The device is marked offline.
Displaying Statistics For a Single Port
In addition to displaying data for a set of ports, you can display historical data for an individual port.
You can select a port in one of two ways:
• Double-click on the data point for an individual port in the device or port group statistics display
(bar, data point, or pie slice in the respective chart, or row in a tabular display).
• Click on a device, device slot, or port group in the left-side Component Tree to list the ports it
contains, then select a port.
A set of utilization statistics for the selected port is displayed, as shown in Figure 126.
EPICenter Software Installation and User Guide
271
Real-Time Statistics
Figure 126: Utilization data over time for an individual port on a device
The number of data points displayed, and the sampling interval are user-configurable parameters,
within the limitations of the device configuration. The defaults are:
• A 30-second sampling interval
• 50 data points displayed
NOTE
For BlackDiamond switches, only 25 data points are displayed because that is the maximum number of
values the switch stores as historical data.
For an individual port, you can display individual errors in addition to utilization and total errors.
• Select the tab at the bottom of the page to generate one of these displays. Figure 127 is an example.
272
EPICenter Software Installation and User Guide
Changing the Display Mode
Figure 127: Individual errors in a single-port chart
Changing the Display Mode
The icons at the top of the page let you select the format of the statistical display, and control several
other aspects of the display.
Select this to determine whether the display for a device or port group will include all
ports, or only the top N ports (where N is initially fifteen). Click the icon to toggle
between the red X, which indicates the top N limitation is not in effect, and a green check,
which indicates that the top N ports are being displayed. The top N ports are displayed in
order from highest (largest percent utilization or largest total errors) to lowest. The
number of ports (N) is a user-configurable setting. This option is available only for multi-port
displays.
Select this to display the data as a line graph. This chart type is especially useful when
displaying individual errors for a single port.
Select this to display the data as a pie chart. This chart type is available only when you are
displaying statistics for multiple ports on a device, device slot, or in a port group. The
maximum number of slices in the pie is a user-configurable setting. It is initially set to
display 10 slices.
EPICenter Software Installation and User Guide
273
Real-Time Statistics
Select this to display the data as a bar chart. A 3D bar chart is the default for all chart
displays. The 3D setting is also a user-configurable option.
Select this to display the data as a horizontal bar chart. This chart type by default displays in
3D. The 3D setting is also a user-configurable option.
Select this to display the data as a stacked bar chart. This chart type is only available when
you are displaying individual errors for a single port.
Select this to display the data as an area chart. This chart type by default displays in 3D. The
3D setting is also a user-configurable option.
Select this to display the data as a table.
Select this to zoom in on (magnify) the size of the display. You can select this repeatedly to
zoom up to three times the screen size.
Select this to zoom out (shrink) the size of the display. You can select this repeatedly until
the chart is the desired size.
Select this to display grid lines on the background of the chart.
Determines whether the graph data is updated automatically at every sampling interval.
Click on the icon to toggle between continuous updates, and suspended updates.
Select this to take a “snapshot” of the graph or table view of the current real-time statistics
data.
Select this to bring up the graph preferences pop-up window. You can change a variety of
settings, such as graph and data colors, the sampling interval, or the number of ports in a
top N display.
Setting Graph Preferences
To change the graph settings used in this applet, click the Set Graph Preferences icon in the toolbar.
The Graph Preferences window is displayed, as shown in Figure 128.
274
EPICenter Software Installation and User Guide
Setting Graph Preferences
Use the tabs across the top of the window to select the type of setting you want to change. Each tab
displays a page with a group of related settings. When you have changed any setting you want on a
given page:
• Click Apply to put the changes into effect, but keep the Graph Preferences window open so you can
make changes on another page.
• Click OK to put the changes into effect and close the Graph Preferences window.
NOTE
The Graph preferences settings are not persistent—if you log out and close your EPICenter Client or
browser, the settings will return to the defaults.
Graph View (Figure 128) lets you change from 3D to 2D displays, and change the values for the 3D
depth, elevation and rotation.
Figure 128: Setting 3D graph preferences
• To change to a 2D graph view, click the Set 3D Graph View box to remove the check mark.
• View Depth controls the depth of a bar. The default is 10, maximum is 1000.
• View Elevation controls the elevation (rise) from the front of the bar to the back, in degrees. The
default is 10°, range is ±45°.
• View Rotation controls the angle of rotation of the bar, in degrees. The default is 12°, range is ±45°.
• Minimum Graphed Utilization specifies the minimum scale for the Y axis for utilization graphs.
The default is 1.0 (1%), meaning that the Y axis will not show less than 1% as the top value of the Y
axis.
• Minimum Graphed Errors specifies the minimum scale for the Y axis for error graphs. The default is
25, meaning that the Y axis will not show less than 25 errors as the top value of the Y axis.
EPICenter Software Installation and User Guide
275
Real-Time Statistics
Graph Colors (Figure 129) lets you set the colors for the graph background and text (data and axis
labels).
Figure 129: Setting graph color preferences
• To change a color, click on a button with the color bar icon. This displays a color selection window
where you can select the color you want. You can select a color using color swatches, or by
specifying HSB or RGB values.
• Set Graph Background Color sets the color of the background surrounding the graph.
• Set Graph Foreground Color sets the color of the text and bar outlines.
• Set Plot Background Color sets the color of the background behind the graph data.
Data Colors (Figure 130) lets you set the colors used for the various data sets in your graph.
Figure 130: Setting data color preferences
• To change a color, click on a button with the color bar icon. This displays a color selection window
where you can select the color you want. You can select a color using color swatches, or by
specifying HSB or RGB values.
• Data Color 1 is the color used for Utilization and Total Error graphs.
• Data colors 1 through 6 are used for the different errors in a individual errors chart.
• Data colors in order starting from 1 are used in a pie chart, for as many slices as you’ve specified. (If
you specify more than 12 slices, the colors will repeat, with slice 13 using the same color as slice 1).
276
EPICenter Software Installation and User Guide
Taking Graph Snapshots
Graph Data (Figure 131) lets you set several miscellaneous graph parameters.
Figure 131: Setting other graph preferences
• Top N Display Count specifies the number of ports to include in a Top N display. The default is 15,
maximum is 100.
• Pie Slice Display Count specifies the number of slices to display in a pie chart. The default is 10,
maximum is 50.
• Historical Data Display Count specifies the number of historical data points to display in a graph
for an individual port. The default is 50, the maximum value you can set is 100. However, the actual
maximum number of data points you can get is determined by the SNMP agent running in the
device from which you are getting data.
• Historical Data Sampling Interval is the sampling interval to use when displaying historical data.
Select a choice from the pull-down list. The choices in the list are determined by the configuration of
the device from which you are getting data.
Taking Graph Snapshots
The Real-Time Statistics Snapshot feature lets you take a static image of a graph or table view of the
current real-time statistics data. The snapshot generates a persistent HTML page that is displayed in a
separate window (see Figure 132).
EPICenter Software Installation and User Guide
277
Real-Time Statistics
Figure 132: Snapshot of Real-Time Statistics graph display
To take a snapshot, click the camera icon located in the toolbar at the top of the RT Statistics applet
window. The snapshot image will be displayed in a new window in the same form (graph or table) as it
was in the RT Statistics applet. Graph images reflect the current display size and graph type (pie, bar,
etc.).
From the window, the snapshot image can be saved as a file, printed, or sent by e-mail, just as with any
other HTML page.
When a graph image is displayed in the window, you can click a link below the initial display to change
the way the data is displayed:
• display table reformats the data as a table
• display graph/table displays both the graph and table formats on the same HTML page
• display graph image displays the data as a graph, in the style in which it was displayed when the
snapshot was taken.
NOTE
Once you select “display graph image” you can no longer change the display format to a table or to
a dual display. However, you can use the browser “Back” button to go to the previously displayed
page.
When you snapshot a table, you cannot change to a graph from within the snapshot image window.
The HTML page persists in a snapshot image cache until the EPICenter server is restarted, or until the
image cache becomes full. When the image cache reaches its limit, older snapshot images will be
deleted as needed to make room for new snapshot images.
278
EPICenter Software Installation and User Guide
Viewing Device Information from Pop-up Menus
Viewing Device Information from Pop-up Menus
You can select a device, a slot, or a port in the Component Tree, then right-click to display a pop-up
menu that contains the Properties command. The Properties command displays the attributes for a
specific device group, device, slot, or port. The device pop-up menu also contains the Alarms, Browse,
EView, Sync, Telnet, and VLANs commands. All of these commands perform the same functions as the
applets in the Navigation Toolbar to the left of the page, but with the appropriate device displayed.
Properties
The Properties function lets you view the attributes for a selected device, slot, or port.
Device
To view the Properties display for a selected device:
• Right-click on the device, then select Properties from the pop-up menu that appears
The Device Properties window appears and displays the attributes for the selected device.
See “Device Properties” on page 281 for details on using this feature.
Slot
To view the Properties display for a selected slot:
• Right-click on the slot, then select Properties from the pop-up menu that appears
The Slot Properties window appears and displays the attributes for the selected slot.
See “Slot Properties” on page 282 for details on using this feature.
Port
To view the Properties display for a selected port:
• Right-click on the slot, then select Properties from the pop-up menu that appears
The Port Properties window appears and displays the attributes for the selected port.
See “Port Properties” on page 283 for details on using this feature.
Alarms
The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to
show the alarms for the selected device.
To view the Alarms display for a selected device:
• Right-click on the device, then select Alarms from the pop-up menu that appears
This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log
Browser and displays the alarms for the selected device.
See Chapter 5, “The EPICenter Alarm System” for details on using this feature.
EPICenter Software Installation and User Guide
279
Real-Time Statistics
Browse
The Browse function runs the ExtremeWare Vista switch management interface for the selected device.
To run ExtremeWare Vista for a selected device:
• Right-click on the device, then select Browse from the pop-up menu that appears
This starts the ExtremeWare Vista login page in a new web browser window.
Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista.
EView
The EView function runs the EPICenter ExtremeView applet and displays the device front-panel image
and device information for the selected device.
To view the EView for a selected device:
• Right-click on the device, then select EView from the pop-up menu that appears
This starts the ExtremeView applet in a new window and displays the front-panel image and
information for the selected device.
See Chapter 10, “Using ExtremeView” for details on using this feature.
Sync
Sync is a manual update of the regular data gathering mechanisms. Use Sync when you think that the
device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to
poll the switch and update all configuration and status information.
To launch the synchronization procedure for a selected device:
• Right-click on the device, then select Sync from the pop-up menu that appears.
This starts the Sync procedure for the selected device.
See Chapter 7 for details on using this feature.
Telnet
The Telnet function opens an EPICenter telnet window that is connected to the selected device.
To open a telnet session for a selected device:
• Right-click on the device, then select Telnet from the pop-up menu that appears
This starts a telnet session for the device in a new window.
See Chapter 7, “Using the Interactive Telnet Application” for details on using this feature.
280
EPICenter Software Installation and User Guide
Displaying Properties
VLANs
The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently known to
the EPICenter database.
To view the VLANs for a selected device:
• Right-click on the device, then select VLANs from the pop-up menu that appears
This starts the VLAN applet in a new window and displays the VLANs currently know to the
EPICenter database.
See Chapter 13, “Using the VLAN Manager” for details on using this feature.
Displaying Properties
You can view the properties of a device group, device, slot, or port in the EPICenter database. This
section describes how to view properties through the ExtremeView applet.
Device Group Properties
You can view summary information for all device groups, or view information about individual device
groups.
To view summary information for all device groups, right-click on the Device Groups component and
select Properties from the pop-up menu.
The Device Groups Properties window appears, showing the All Device Groups display. This displays a
list of the current device groups and their descriptions. For more details about this display, see
Chapter 4 “Using the Inventory Manager.”
You can also view properties for a specific device group. To view properties for a specific device group,
right-click on a device group and select Properties from the pop-up menu.
The Device Group Properties window appears, showing information about the selected group. This
includes the group description, the number of devices in the group, and a list of the devices. For more
details about this display, see Chapter 4 “Using the Inventory Manager.”
Device Properties
To view properties for a device, right-click on a device in the Component Tree and select Properties
from the pop-up menu that appears.
The Device Properties window has five tabs at the top of the window:
• Device
• VLAN
• STP
• Network Login/802.1x
• Syslog Messages
EPICenter Software Installation and User Guide
281
Real-Time Statistics
Each tab displays the name of the device and a status “light” which shows the status of the device as
detected by EPICenter.
The Device Tab
The Device tab displays information about the device such as its IP address, MAC address, and boot
time. The main section of the window presents the same information you can view in the Inventory
Manager for the device. If the device is an Extreme device, the ExtremeWare software running in the
switch provides comprehensive status information.
The VLAN Tab
The VLAN tab lists the VLANs configured on the device.
The STP Tab
The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more
than one entry per STPD if the domain includes multiple VLANs.
The Network Login/802.1x Tab
The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected
to the device.
The Syslog Messages Tab
The Syslog Messages tab lists information about each Syslog Message received from the device.
For more details about the Device Properties window, see Chapter 4 “Using the Inventory Manager.”
Slot Properties
You can view summary information about a specific slot in a modular device. To view properties for a
slot, click on the plus sign of a modular device to display the slots for that particular device. Right-click
on a slot and select Properties from the pop-up menu that appears.
The Device Slot Properties window contains two tabs. The Slot tab displays information about the slot
such as the number or letter of the slot, the type of module that is inserted into the slot, and the serial
number of the module. If you have a module that requires a special version of ExtremeWare to be
installed, the window also displays information such as the primary, secondary, and current software
images running on the module as well as the current BootROM image running on the module. The
main section of the window presents the same information you can view in the ExtremeView applet for
the slot.
The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected
to the slot.
For more details about this display, see Chapter 10 “Using ExtremeView.”
282
EPICenter Software Installation and User Guide
Displaying Properties
Port Properties
You can view summary information about a specific port in a device.
To view properties for a port in a modular device, click on the plus sign of a device to display the slots
for that particular device. Click on the plus sign of a slot to display the ports for that particular device.
Right-click on a device and select Properties from the pop-up menu that appears.
To view properties for a port in a non-modular device, click on the plus sign of a device to display the
ports for that particular device. Right-click on a device and select Properties from the pop-up menu that
appears.
The Device Port Properties window displays two tabs. The Port tab displays information about the port
such as the number of the port, whether the port is enabled or disabled, and the load sharing state of
the port. The main section of the window presents the same information you can view in the
ExtremeView applet for the port.
The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected
to the port.
For more details about this display, see Chapter 10 “Using ExtremeView.”
EPICenter Software Installation and User Guide
283
Real-Time Statistics
284
EPICenter Software Installation and User Guide
12 Network Topology Views
This chapter describes how to use the EPICenter Topology View applet for:
• Viewing EPICenter Topology maps
• Creating new topology views
• Adding, moving and deleting map elements (nodes and links)
• Setting display properties for individual maps or a complete topology view
• Modifying the layout of a topology map
• Displaying the alarm browser, telnet window, real-time statistics, a front panel view, VLAN Manager,
ExtremeWare Vista, or the Properties dialog for a specific node on the map
Overview of EPICenter Topology Views
EPICenter’s Topology applet allows you to view your network (EPICenter-managed devices and the
links between devices) as a set of maps. These maps can be organized into sets of submaps that allow
you to represent your network as a hierarchical system of campuses, buildings, floors, closets, or
whatever logical groupings you want. You can also create additional topology views (sets of maps) so
you can create several different representations of your network for different purposes.
For views with the Auto Populate View option enabled, the Topology applet automatically adds device
nodes as they are added to EPICenter’s device inventory. It also adds any links that exist between the
device nodes, and organizes them into submaps as appropriate. You can customize the resulting maps
by moving elements, adding new elements, such as links, “decorative” (non-managed) nodes, and text,
and customizing the device nodes themselves. The Default view, which appears when you first access
the Topology applet, is auto-populated with the devices currently in EPICenter’s inventory.
NOTE
Links can only be discovered and auto-populated between Extreme Networks devices that have the
Extreme Discovery Protocol (EDP) enabled. Links cannot be discovered on non-Extreme Networks
devices, on Extreme Networks devices with EDP disabled, or on devices running the following versions
of ExtremeWare: versions prior to 4.1.19b2, version 5.x, or version 6.0.x. Links can be discovered on
devices with EDP enabled running ExtremeWare 4.1.19 b2, 4.1.20, or 4.1.21, or ExtremeWare 6.1 or
later. EDP is enabled by default on these Extreme Networks devices.
EPICenter Software Installation and User Guide
285
Network Topology Views
In addition, from a managed device node on the map, you can invoke other EPICenter functions such as
the alarm browser, Telnet, real-time statistics, a front panel view, the VLAN Manager, or ExtremeWare
Vista for the selected device, or view device properties from a Properties window.
Maps are initially created in a layout based on information in EPICenter’s device inventory about the
devices and their connectivity. You can customize the layouts into hierarchical views using cut and
paste, or by deleting devices from a map and then adding them to a different map. You can also add
and remove “decorative” nodes (nodes that aren’t discovered or managed by EPICenter) and links.
Displaying a Network Topology View
Click the Topology button in the EPICenter Navigation Toolbar to display the main Topology View
page, as shown in Figure 133.
NOTE
If you have not yet performed a Discovery (i.e. there are no devices in EPICenter’s Inventory database)
the map will be blank.
Figure 133: The Topology View
Submap node
Information
Hyper node
Device nodes
panel
View name
Text node
L2 cloud node
Links
Decoration node
A View is a unique, named hierarchy of maps, consisting of a root map and optional submaps,
depending on the topology of the network. The current View name is displayed in the pull down field
at the left of the icon bar.
286
EPICenter Software Installation and User Guide
Displaying a Network Topology View
A Map is a collection of nodes and links.
The top portion of the left-hand panel displays the Map Hierarchy Tree. This starts at the root map and
shows the hierarchy of submaps in the current topology view. The current map name is highlighted.
The bottom portion of the left-hand panel is the Map Element Description panel, that displays
information about the currently selected map element if one (and only one) is selected. Otherwise, the
panel is empty.
The main panel displays the currently selected map in the current topology view. Only one view and
map can be displayed at a time.
Map Elements
The following elements can appear on a map:
Device Nodes. Device nodes represent the managed devices found in EPICenter’s Inventory data base.
Figure 134: Example of device nodes, including an unknown device type
A device node shows the following information:
• The name of the device as it is kept in the Inventory database (this can be hidden using View or Map
properties).
• An optional, user-supplied annotation for the node.
• A small icon representing the specific device or device product line, if the device is of a known type,
or an “unknown” device icon (a circle with a question mark) as shown in Figure 134. (This can be
hidden using View or Map properties.)
• The device’s IP address.
• The device status, indicated by the color of the icon border.
— A green border indicates that the device is up.
— A red border indicates that the device is down.
Each managed device known to EPICenter can only appear once in each topological view.
Submap Nodes. A submap node represents a child map of the current map.
Figure 135: Example of a submap node
The submap node icon shows the following information:
• The name of the node (submap), which can be edited. By default, it is given the subnet
address/subnet mask as the name.
EPICenter Software Installation and User Guide
287
Network Topology Views
• A submap icon, as shown in Figure 135.
A submap node does not provide any additional status information.
L2 Cloud Nodes. An L2 cloud map node provides connectivity between devices when the details of
the connectivity cannot be determined. For example, if there is a hub between two devices, the
Topology applet will place an L2 cloud between the devices. L2 clouds are created automatically as
needed.
Figure 136: Example of an L2 cloud node
The L2 cloud node icon shows the following information:
• The name of the node (cloud), which can be edited. By default, it is named L2C.
• A cloud icon, as shown in Figure 136. (This can be hidden using View or Map properties.)
An L2 cloud node does not provide any status information.
NOTE
You cannot add L2 cloud nodes; they are placed automatically by EPICenter as required by device
connectivity. You can remove them, but they may be replaced automatically by EPICenter if still needed.
There may be situations where EPICenter creates an L2 cloud that is not really necessary. For example:
• An L2 cloud may be created as devices are added to the map, but when the final topology is known,
the L2 cloud is no longer necessary.
• When one end of a link is moved, EPICenter will represent this as two links —one link that is down
(the old endpoint port) and a new link that is up (the new endpoint). It will also determine that
these two links share the same endpoint, so there must be a hub between these ports and the device
at the other end. Thus, EPICenter will create an L2 cloud to represent the hub.
In either of these cases, you can use the Discover Links command to remove unnecessary links and L2
clouds. See “Discovering Links Between Devices” on page 300 for more information on the Discover
Links function.
Hyper Nodes. A hyper node represents a link termination when the actual terminating node (device or
cloud) is present on another map. Thus, a hyper node will show the same information as the node it
represents (except for the optional node annotation):
Figure 137: Example of hyper node icons representing a device and an L2 cloud
288
EPICenter Software Installation and User Guide
Displaying a Network Topology View
A hyper node icon shows the following information:
• The name of the device or cloud node that this hyper node represents (this can be hidden using
View or Map properties).
• An optional, user-supplied annotation for a device hyper node. This is a different annotation than
will appear in the device node that this hyper node represents.
• A hyper node icon, as shown in Figure 137.
• The device IP address, for a device hyper node.
• The device status, for a device hyper node, as indicated by the color of the icon border:
— A green border indicates that the device is up
— A red border indicates that the device is down
An L2 cloud hyper node does not show any status information.
NOTE
You cannot add, cut, or delete hyper nodes; they are placed and removed automatically by EPICenter
as required by device connectivity.
Decorative Nodes. A decorative map node can be created by the user to represent any other type of
node that is not discovered or managed by EPICenter, such as a server or workstation.
Figure 138: Example of a decorative node
A decorative node shows the following information:
• The name or description of the node, which can be edited
• A decorative node icon, as shown in Figure 138. (This can be hidden using View or Map properties.)
Text Nodes. A text map node is a single-line text field that can be placed anywhere in a network map.
It can be used to create a title for the map, additional annotations for other map elements, comments,
and so on.
Links. A link represents connectivity between nodes in the map. Links can be automatically detected
on Extreme Networks devices with EDP enabled.
NOTE
For third-party devices or Extreme Networks devices with EDP disabled or not supported, you can
manually add links to the map to represent connectivity between devices. However, these links will
always have unknown status, will not display endpoint or utilization information, and will not be updated
when the map topology changes. The behavior of links described in the following paragraphs does not
apply to manually-added links.
When a discovered link connects two devices on the same map, the link will be annotated with the port
number, or slot and port number for each of the endpoints, as shown in Figure 139.
EPICenter Software Installation and User Guide
289
Network Topology Views
Figure 139: Example of a gigabit link showing endpoint connectivity and Up status
When one of the endpoints is within another submap, the annotation will include the device name or IP
address of the device that contains the endpoint within the submap. Whether the IP address or device
name is used depends on the setting of the Device Tree UI property in the Administration applet—the
one that appears first is used.
When the endpoint of a discovered link is not known (the link terminates in a L2 cloud) the unknown
port is indicated with a question mark.
NOTE
If there are more than 400 nodes on a map, link annotations are not displayed.
If there are multiple links running between two devices, each link is shown individually as long as there
are 25 links or less. If more than 25 links connect two devices, they are represented as a composite link.
For a composite link, the link annotation provides the total number of links in the composite and the
number of links in each applicable status category (up, down, partially up, or unknown).
A link also shows the following information:
The width of the link line indicates the link type:
• A thick line indicates a gigabit link
• A thin line indicates a 10/100 link
• A very thick line indicates a composite link.
The color of the link line indicates the link status:
• A green line indicates that the link is up
• A red line indicates that the link is down
• A yellow line may be displayed for composite or load-shared links:
— For a composite link, yellow indicates that some of the links in the composite are up, and some
are down or unknown.
— For links that are members of a load shared group, yellow indicates that one or more load-shared
links are down. All links in the group will be displayed as yellow if one or more of the links in
the group is down.
• A grey line indicates that the link status is unknown
A broken line (when viewing VLANs) indicates that the selected VLAN does not exist or may be
misconfigured at one of the endpoints.
If RMON statistics are enabled for the map, then link utilization (as a percentage of link capacity) will
be displayed for each port on a link between devices that have RMON enabled in the device. The
utilization is updated at the nominal RMON rate as set in the switch—typically every 30 seconds. The
default is that RMON statistics are not enabled for a map. To enable the display of RMON statistics, see
“Setting Map Properties” on page 311.
290
EPICenter Software Installation and User Guide
Displaying a Network Topology View
NOTE
If RMON statistics are not enabled in the switch, then no statistics will be displayed, even if you enable
the display of RMON statistics for the map.
Manipulating Map Elements
Map elements (nodes and links) can be resized, cut to a clipboard, pasted, deleted and added. There are
a number of ways to invoke these actions:
• Select a command from one of the menus in the Topology View menubar
• Select a command from a pop-menu enabled with a right-cursor click on the map background
• Select a command icon from the Topology View toolbar
• Use one of the Topology applet keyboard short cuts, or (under Windows 2000 or Windows XP)
through the regular Windows mouse and cursor actions and keyboard shortcuts
For example, you can resize an individual node by selecting the node and doing one of the following:
• Use the cursor to grab one of the resize handles that appear when the node is selected, and drag the
handle to resize the node
• Select the Inflate Nodes or Deflate Nodes command from the Map Menu
• Use the keyboard shortcuts ([Alt]+I or [Alt]+D) for those commands (see the sections “Inflating the
Map Nodes” and “Deflating the Map Nodes” on page 309).
Map Element Description Panel
When you select a map node or link with the cursor, the panel below the Map Hierarchy Tree displays
information about the node or link.
Map Nodes
For map nodes the information panel displays the following:
• Name: The node name—can be edited for submap nodes, L2 cloud nodes, decoration and text nodes.
Cannot be edited for device nodes and device hyper nodes.
• Annotation: an optional identifier for device nodes and device hyper nodes
• Type: The type of node (Device, Submap Node, L2 Cloud, Decoration Node, Text Node, or Hyper
Node)
• Status: The node status (Up, Down, or None)
• IP: IP address for a Device node, n/a for any other node type
• MAC: MAC address for a Device node, n/a for any other node type
• Vendor: Device vendor name for a Device node, n/a for any other node type
• Product: Product name for a Device node, n/a for any other node type
• Device: Device name obtained from the sysName variable for a Device node, n/a for any other node
type
• VLANs/Ports list: If the Display VLANs option is enabled, displays the VLANs configured on the
device. Appears for Device Nodes and Device Hyper Nodes only.
EPICenter Software Installation and User Guide
291
Network Topology Views
Link Nodes
For individual links, the information panel displays the following information:
• Status: The status of the link—up, down, partially up (for load-shared links only) or unknown.
Partially up indicates that one or more of the links in the load shared group is down. In this case, all
other links in the load-shared group are considered partially up.
• Type: The link type (speed) —10/100, 1000, or unknown
• Load shared: Whether the link is load shared (yes or no)
In addition, for each link endpoint, the following information is displayed:
• Node: The name of the node that contains the endpoint
• Device: The name of the device represented by the endpoint node
• Port: The device port or slot and port to which the link connects, if known
• Load Shared Ports: The device represented by the endpoint node is not displayed if the port is not
load shared.
• Utilization: The utilization percentage, if RMON is enabled on the device and if RMON statistics are
enabled for this map. The default is that RMON statistics are not enabled for a map. This is updated
regularly, typically every 30 seconds
• Total errors: The total errors, if RMON is enabled on the device and if RMON statistics are enabled
for this map. This is updated regularly, typically every 30 seconds
• VLANs/Ports list: Displays the VLANs configured on that port.
Composite Link Nodes
For composite links, the information panel displays the following information:
• Status: The overall status of the composite link— up, down, partially up, or unknown. Partially up
indicates that some links in the composite are up, some are down.
• Link count: The number of individual links in the composite link.
• Links Status: The number of links up, partially up, down and unknown.
In addition, for each link endpoint, the following information is displayed:
• Endpoint 1 and Endpoint 2: The name of each endpoint node
• Endpoint 1 device and Endpoint 2 device: The device type or each endpoint node
• A table showing the endpoint ports (or slot and port) for each individual link in the composite link,
along with the link status and whether the link is load shared. You may need to move the right side
boundary of the panel to see the last two columns.
Manipulating Topology Views and Maps
You can create new topology views or move elements around on existing maps in a number of ways.
The Topology View applet provides a number of ways to invoke the various commands and functions:
• A series of pull-down menus. All commands and functions can be accessed from these menus
• A set of icons that represent a commonly-used subset of the functions available
292
EPICenter Software Installation and User Guide
Manipulating Topology Views and Maps
• A pop-up menu you can invoke by clicking the right mouse button on any unoccupied area of the
map background
• A pop-up menu you can invoke by right-clicking on a Device map node
• Keyboard shortcuts for some functions
The various methods you can use to perform a command are described under each command or
function.
Creating a New View or a New Map
The Default map contains all the network devices known to EPICenter, arranged based on EPICenter’s
internal algorithms (see the discussion on page 294 in the section “Displaying a Network Topology
View”). However, it is often convenient to create views based on other criteria, such as physical
location, departmental organization, and so on. The Topology applet lets you create additional views
that organize your network elements in any way you wish.
Creating a New View
You can create a new view (and its Root Map) by selecting New View from the New menu.
A Create New View dialog box opens, as shown in Figure 140.
Figure 140: Creating a new View
• Enter a name for the view.
• Select the Auto populate view option to add the devices currently in the EPICenter inventory
database to the new View. Submaps, L2 clouds and hyper nodes will be created as needed. In
addition, as new devices are added to EPICenter, they will also be added to the view. If you do a
Discovery after you have created a view with the auto populate option enabled, all new discovered
devices will be added to the view.See “Node Placement Criteria in an Auto Populate View” on
page 294 for detailed information.
• Uncheck the Display device names checkbox to hide device names on the maps. The default is to
display the names.
• Uncheck the Display node icons checkbox to use plain boxes to indicate map nodes instead of icons
representing specific device types. The default is to use device icons.
• Set the Map Node Font Size to change the size of the font used for map node labels (names,
annotations, IP addresses and so on). The default is a 12 point font.
EPICenter Software Installation and User Guide
293
Network Topology Views
If your map will contain a large number of nodes, you may need to eliminate the device names and
node icons from the display, and reduce the font size in order to fit all the map elements onto a map
with adequate spacing.
When you click OK, a new root map is displayed. If the Auto populate view option is not selected, a
new blank root map is displayed. If Auto populate view is selected, nodes, submaps and other map
elements are created based on the current EPICenter inventory. The new view name appears in the
View field at the left of the icon bar.
Each newly-created map inherits the current view’s properties for display node names, display node
icons, and map node font size.
Displaying a View
You can display the Default view or any other views you have created by selecting the View name from
the pull down list in the View field.
Renaming a View
You can rename the view by clicking in the View field and typing over the view name. Click away from
the View field to commit the change.
Node Placement Criteria in an Auto Populate View
When you do a Discovery or add a device in the Inventory applet, the newly added devices are placed
into the default topology view (named “Default”). If you have created other maps with the Auto
Populate View feature enabled, those views are also populated with the newly added devices. Device
connectivity and the map hierarchy is determined by the information learned from the EPICenter
database.
For views with the Auto Populate View option enabled, EPICenter places devices on the Root Map or
into submaps based on the following criteria:
• Devices with IP Forwarding enabled are always placed on the Root Map
• Devices without IP Forwarding enabled are placed in submaps based on the subnet mask associated
with the IP interface used by EPICenter to manage the device. In the Default view, submaps are
named based on the subnet IP address plus the subnet mask: for example, 10.205.0.0/16,
10.205.0.0/24, and so on.
Both Extreme and third-party devices are placed using these rules. For Extreme devices, you can find
the subnet mask and IP Forwarding status by looking at the device in the VLAN applet. For third-party
devices, you must query the device itself if you want to determine these settings.
Within a map, the Topology Manager attempts to optimize the layout to minimize node and link
overlap. If there are more than 400 links in a single map, the Topology Manager does not put labels
(annotations) on the links. It displays a warning telling you that link labels will not appear.
If there are more than 400 nodes to be placed in a single map, the Topology Manager displays a
warning that computing the default layout may take a significant amount of time (see Figure 141). You
can then choose to have the nodes laid out in a simple row/column grid.
294
EPICenter Software Installation and User Guide
Manipulating Topology Views and Maps
Figure 141: Map layout warning for placement of more than 400 nodes
If you want to proceed with the default (optimized) layout, check the Default Map Layout checkbox.
Even though the default layout may take a long time, it only needs to be done once, and produces a
more optimal layout. To specify a grid layout (which may result in overlapping links) check the Grid
Map Layout checkbox. To bypass the layout process, check cancel.
Figure 143 shows an example of a the default layout for a 405 node map. Figure 143 shows the same
nodes in a grid layout.
Figure 142: Example of a default layout for a 410 node map
EPICenter Software Installation and User Guide
295
Network Topology Views
Figure 143: Example of a grid layout
Creating a New Submap
You can create a new map by doing one of the following:
• Select New Map from the New menu
• Click the “Create new map” icon on the icon bar:
A new submap node appears on the map, and a New Map entry appears in the map hierarchy tree, as
shown in Figure 144.
296
EPICenter Software Installation and User Guide
Manipulating Topology Views and Maps
Figure 144: Adding a new map
To give the submap a different name, select the submap node, and change the name in the name field in
the Information panel. The change will take effect when you click away from the submap node.
You can also change the name of any map (including the Root Map) by clicking slowly twice on the
name in the Map Tree Hierarchy. This puts you into an edit mode where you can change the name.
When editing the map name in either location, you can cancel the edit with the [Esc] key, as long as you
have not yet committed it.
You can commit the change with the [Enter] key, or by clicking in a different panel from the one where
you are editing.
Adding Elements to the Map
You can add a variety of elements to your map: device nodes, submap nodes, links, decorative nodes,
and text “nodes”.
Adding a Device Node
You can add device nodes to your map by doing one of the following:
• Select New Device Map Node from the New menu
• Right-click on the map background to display the pop-up menu, then select New Device Map Node
• Click the “Create new device map” node icon on the icon bar:
A pop-up window appears with a list of all devices currently known to EPICenter, that are not already
used somewhere in this view. A count of devices in the list is displayed at the top of the window. If all
devices known to EPICenter are already placed in this view, a message window informs you of that
fact.
To add a device node to the map, select the device and click OK.The device node will appear on the
map, identified by the information from EPICenter’s inventory database.
EPICenter Software Installation and User Guide
297
Network Topology Views
If the device has known links to other devices already on the map, or on other submaps within the
same view, those links will also be placed on the map. An L2 cloud node or a hyper node, may also be
placed on the map, if required for connectivity between the devices.
If all devices known to EPICenter are already placed in this view (on any of the maps in the view) the
pop-up window will inform you of that fact.
L2 Cloud Nodes and Hyper Nodes. You cannot add L2 cloud nodes and you cannot add or remove
hyper nodes to or from your map; they are added automatically if the connectivity between device
nodes requires it.
Adding a Decorative Node
You can add a decorative node to your map by doing one of the following:
• Select New Decorative Map Node from the New menu
• Right-click on the map background to display the pop-up menu, then select New Decorative Map
Node
A decorative map node is a node that can be used to represent any component of your network that is
not recognized or managed by EPICenter.
You can change the node name by selecting the node, and editing the contents of the name field in the
Information panel. The change will take effect when you click away from the submap node.
Adding a Text Node
You can add a text node to your map by doing one of the following:
• Select New Text Map Node from the New menu
• Right click on the map background to display the pop-up menu, then select New Text Map Node
A text map node can be used to annotate your map, such as to create a title for the map.
Adding a Map Link
There may be situations where you want to represent a link between devices when a “real” link cannot
be detected by EPICenter. This may be the case if EDP is disabled on a device, if the device is a
non-Extreme Networks device, or if EDP is not supported by the version of ExtremeWare running on
the device. In these cases you can add a link between nodes on your map by doing the following:
• Select New Map Link from the New menu
A link is added to your map, as shown in Figure 145.
298
EPICenter Software Installation and User Guide
Manipulating Topology Views and Maps
Figure 145: Adding a link to your map
To attach the link between two map nodes:
1 Select one of the red triangles, then wait until a move cursor appears
2 Drag and drop one end of the link onto one of the node you want to connect
3 Do the same with the other end of the link
After the link is connected, you can specify endpoint for the link. To specify the end points:
1 Select the link
2 In the Information panel, select the port for the endpoint from the list in the Port field for first device
3 Select the port for the other endpoint from the list in the Port field for second device, as shown in
Figure 146
EPICenter Software Installation and User Guide
299
Network Topology Views
Figure 146: Specifying ports for a new link connection
There are a number of restrictions that apply to the behavior of manually-created links:
• These links appear only on the map where they were created—they will not exist between the same
devices in any other view.
• These links are NOT update when the status or end-point of the real link it represents is changed. If,
due to such a change, the real link is discovered by EPICenter (for example, the endpoint is moved
to a device where EDP is enabled) a new link is created on the map in addition to the
manually-created link.
• If the device to which a manually-created link attaches is cut from the map, the link must be
manually recreated when the device is pasted back.
Discovering Links Between Devices
EPICenter will eventually discover new links between devices or rediscover links you have deleted
from the map if they are real existing links that are up. However, if you want to have EPICenter
discover new links immediately, instead of waiting for the next polling cycle, you can use the Discover
Links command.
You can also use Discover Links to remove links that no longer exist. Since EPICenter cannot
distinguish between a link that no longer exists and a link that is down, when a link is moved,
EPICenter will continue to show the obsolete link as a down link. The Discover Links command will
remove these.
To have EPICenter rediscover all existing links between devices, do the following:
• Select Discover Links from the New menu
EPICenter will add or update the links that exist between the devices on your map, and will remove
any links whose connectivity or status it cannot determine. It will also eliminate any L2 clouds that are
no longer needed.
300
EPICenter Software Installation and User Guide
Manipulating Topology Views and Maps
NOTE
If there is a existing link that is down when you do a Discover Links, EPICenter will remove that link,
since it cannot discover links from which it cannot get status. However, if you have auto-populate turned
on for the map, the real link will be added back to the map once the link comes back up.
Editing the Map
You can edit your topology views in a number of ways, including changing the names of the views and
maps, and cutting, pasting, or deleting map elements.
Renaming a Topology View
You can change the name of a view (including the Default view) by doing one of the following:
• Select Rename View from the Edit menu
• Click once on the view name in the view name field
Either of these actions puts you into an edit mode where you can directly change or replace the contents
of the field.
Deleting a View
To delete the entire current view, select Delete View from the Edit menu. You will be asked to confirm
that you want to delete the entire view. This function deletes the currently displayed view, including all
of its maps.
Once the view is deleted, the next remaining view is displayed, if there are any other views.
NOTE
You can use this command to delete the Default view. However, if you do this, it will be difficult to
recreate the view and its submaps.
Renaming a Map
You can change the name of the current map by doing one of the following:
• Select Rename Map from the Edit menu
• Click twice on the Map name in the Map Hierarchy Tree
Either of these actions puts you into an edit mode where you can change or replace the name in the
Map Hierarchy Tree.
You can also change the name of the map in the Map Properties window, as discussed in “Setting Map
Properties” on page 311.
Deleting a Submap
To delete a submap, you must first display the submap you want to delete, and delete all the elements
on the map. You can then delete the submap by selecting Delete Map from the Edit menu. You can also
delete a submap by clicking the submap node on its parent map.
EPICenter Software Installation and User Guide
301
Network Topology Views
You will be asked to confirm that you want to delete the map.
NOTE
A submap must be empty before you can delete it.
You cannot use the Delete Map command to delete the Root Map.
To delete the Root map you must delete the entire View with the Delete View command.
Cutting Map Nodes
You can cut selected device, decorative, or text nodes from the map in order to paste them in another
location.
• You can cut a submap node as long as it is empty
• You cannot cut a hyper node. A hyper node will be removed automatically as appropriate, if all
nodes on the current map that have links to that node, are removed
• L2 cloud nodes can be cut, but cannot be pasted.
To cut one or more nodes, do the following:
1 Select the nodes you want to cut. You can select multiple nodes by dragging the cursor to
rubber-band the selection, or by using Shift-click (hold down the shift key while clicking the cursor
on the nodes you want to select).
2 Cut the nodes by doing one of the following:
— Select Cut Map Nodes from the Edit menu
— Click the “Cut nodes from map” icon on the icon bar
— Right-click on the map background to display the pop-up menu, then select Cut Map Nodes
— Enter [Alt]+X from the keyboard
NOTE
You are NOT asked to confirm this action: if you cut a node by mistake, you will just need to paste it
back again to the map.
To remove nodes from the map without provision for pasting them, use the Delete Map Nodes
command.
Pasting Nodes onto a Map
Once you have cut one or more nodes, you can paste them onto another map by doing one of the
following:
• Select Paste Map Nodes from the Edit menu
• Click the “Paste” icon on the icon bar
• Right-click on the map background to display the pop-up menu, then select New Device Map Node
• Enter [Alt]+V from the keyboard
These commands will only be available if there are cut nodes currently on the clipboard.
302
EPICenter Software Installation and User Guide
Manipulating Topology Views and Maps
If nodes are pasted partially or completely on top of one another, you can use the Layout Map
command (see “Map Layout” on page 305) to rearrange them.
NOTE
Cutting and pasting nodes does NOT preserve manually-created links between the nodes. Links that
are automatically discovered may be recreated after the nodes are pasted, but links that were created
manually must be recreated manually.
NOTE
If an L2 cloud node was among those you selected to cut, it may not necessarily be pasted back with
the other nodes. Another L2 cloud is created only if EPICenter determines that it is necessary for
representing device connectivity.
Deleting Nodes from the Map
You can delete selected device, decorative, or text nodes from the map, as opposed to cutting them for
later pasting.
• You can delete a submap node as long as it is empty
• You cannot delete hyper nodes. A hyper node is deleted automatically when the actual node it
represents is deleted
• L2 cloud nodes are deleted when they are no longer needed. You can also delete them manually
To delete one or more nodes, do the following:
1 Select the nodes you want to delete. You can select multiple nodes by using Shift-click (hold down
the shift key and click the cursor on the node you want to select).
2 Delete the nodes by doing one of the following:
— Select Delete Map Nodes from the Edit menu
— Right-click on the map background to display the pop-up menu, then select Delete Map Nodes
CAUTION
You will NOT be asked to confirm that you want to delete the nodes. If you delete nodes accidently, you
will need to add them again to the map.
Deleting Links from the Map
You can remove one or more links from the map using the Delete Map Links command.
To delete one or more links, do the following:
1 Select the links you want to delete. You can select multiple links by using Shift-click (hold down the
shift key and click the cursor on the link you want to select).
2 Delete the links by doing one of the following:
— Select Delete Map Links from the Edit menu
— Right-click on the map background to display the pop-up menu, then select Delete Map Links
EPICenter Software Installation and User Guide
303
Network Topology Views
CAUTION
Active links that were created automatically by EPICenter will be recreated automatically on the next
polling cycle as long as the endpoints they linked are still present on the map. The only links that can
be permanently deleted are manually-created links or links that cease to exist.
CAUTION
Links that have been deleted cannot be pasted. Manual links must be recreated manually.
Selecting All Nodes in a Map
You can select all the nodes in a map by doing one of the following:
• Select Select All Map Nodes from the Edit menu
• Enter [Alt]+A from the keyboard
NOTE
To move a multiple-node selection as a group, hold down the shift key while dragging to preserve the
multiple-node selection.
Setting View Properties
You can change the properties you set when you created a new view (or change the properties of the
Default view) using the View Properties... function. To display the View Properties window, do one of
the following:
• Select View Properties... from the View menu
• Right-click on the map background to display the pop-up menu, then select View Properties...
The View Properties window appears, as shown in Figure 147.
Figure 147: Setting View properties for the current view
304
EPICenter Software Installation and User Guide
Manipulating Topology Views and Maps
To change the properties for the current view, do the following:
• Select the Auto populate view option to add the devices currently in the EPICenter inventory
database to the View. Submaps, L2 clouds and hyper nodes will be created as needed. In addition, as
new devices are added to EPICenter, they will also be added to the view. If you do a Discovery after
you have created a view with the auto populate option enabled, all new discovered devices will be
added to the view.See “Node Placement Criteria in an Auto Populate View” on page 294 for detailed
information.
• Uncheck the Display device names checkbox to hide device names on the maps. Check the
checkbox to show the device names.
• Uncheck the Display node icons checkbox to use plain boxes to indicate map nodes instead of icons
representing specific device types. Check the checkbox to display node icons.
• Set the Map Node Font Size to change the size of the font used for map node labels (names,
annotations, IP addresses and so on). The default is a 12 point font.
• Check the Update map properties checkbox to cause these settings to override any individual map
settings for all current maps in this view. If you do not check this, exisitng maps will retain the
current values of their map properties.
NOTE
Once you change these settings, any new (future) maps you create within this view will inherit the
changed view property settings, regardless of the setting for the Update Map Properties property.
Map Viewing Functions
EPICenter’s Topology applet provides a number of ways to view and manipulate the layout of a
topology map.
The size and layout of map nodes is saved at every map operation (except for the map zoom level).
Map Layout
You can drag map nodes around on the map yourself, or you can have EPICenter lay out the map
nodes for you. To have EPICenter do the map layout, do one of the following:
• Select Layout Map from the Map menu
• Click the “Layout” icon on the icon bar
• Click with the right mouse button on the map background to display the pop-up menu, then select
Layout Map
• Enter [Alt]+L from the keyboard
This calculates a default map layout, optimizing for node and link placement to minimize overlap. If
necessary, the Topology Manager may create a layout that is larger than the visible window area. In this
case, scroll bars allow you to view different parts of the map.
If there are a large number of nodes, the Topology Manager gives you the option of using a grid layout
instead of the default layout. See “Node Placement Criteria in an Auto Populate View” on page 294 for
more information on how layouts are determined.
Figure 148 shows the visible portion of the default layout produced for a map with approximately 100
nodes.
EPICenter Software Installation and User Guide
305
Network Topology Views
Figure 148: Default map layout optimized to minimize node and link overlap.
You can use the Expand Map and Compress Map commands to increase or decrease the space between
nodes in the map. You can also move map nodes by selecting them and dragging them to the location
where you want them placed.
Laying Out a Map in Window
If the default map layout creates a map that is larger than the visible area of the Topology Manager
window, you can have the Topology Manager attempt to optimize the map layout within the visible
area of the window. To have EPICenter optimize the map layout within the current window, do one of
the following:
• Select Layout Map In Window from the Map menu
• Click with the right mouse button on the map background to display the pop-up menu, then select
Layout Map in Window
• Enter [Alt]+M from the keyboard
Figure 149 shows the same nodes as shown in Figure 148, but laid out to fit within the visible area of
the window.
306
EPICenter Software Installation and User Guide
Manipulating Topology Views and Maps
Figure 149: Map layout produced by Layout Map in Window command
Fitting a Map in the Window
If the default map layout is larger than the visible area of the Topology Manager window, you can have
the Topology Manager shrink the map to fit into the visible area of the window. To have EPICenter
shrink the map layout to fit within the current window, do one of the following:
• Select Fit Map In Window from the Map menu
• Click with the right mouse button on the map background to display the pop-up menu, then select
Fit Map in Window
• Enter [Alt]+W from the keyboard
This function does not attempt to optimize the layout for node or link overlap. To attempt to optimize
the layout, use the Layout Map in Window command. Figure 150 shows the effects of using the Fit
Map in Window command on the map layout shown in Figure 148.
EPICenter Software Installation and User Guide
307
Network Topology Views
Figure 150: Map layout produced by Layout Map in Window command
Expanding the Map
The Expand Map function increases the length of the links between map nodes without changing the
size of the nodes. To expand the current map, do one of the following:
• Select Expand Map from the Map menu
• Enter [Alt]+E from the keyboard
Because this command affects map links, nodes that do not have links are not moved.
Compressing the Map
The Compress Map function decreases the length of the links between map nodes without changing the
size of the nodes. To compress the current map, do one of the following:
• Select Compress Map from the Map menu
• Enter [Alt]+S from the keyboard
Because this command affects map links, nodes that do not have links are not moved.
Inflating the Map Nodes
The Inflate Nodes function increases the size of some or all of the nodes on the current map, without
changing the spacing between the nodes.
308
EPICenter Software Installation and User Guide
Manipulating Topology Views and Maps
By default (if you do not select any specific nodes) the command will inflate all nodes on the current
map. If you select one or more nodes, the command will inflate just the nodes you’ve selected. You can
select multiple nodes by using Shift-click (hold down the shift key and click the cursor on the node you
want to select).
To inflate the selected nodes, do one of the following:
• Select Inflate Nodes from the Map menu
• Enter [Alt]+I from the keyboard
Deflating the Map Nodes
The Deflate Nodes function decreases the size of some or all of the nodes on the current map, without
changing the spacing between the nodes.
By default (if you do not select any specific nodes) the command will deflate all nodes on the current
map. If you select one or more nodes, the command will deflate just the nodes you’ve selected. You can
select multiple nodes by using Shift-click (hold down the shift key and click the cursor on the node you
want to select).
To deflate the selected nodes, do one of the following:
• Select Deflate Nodes from the Map menu
• Enter [Alt]+D from the keyboard
Zooming In
The Zoom In function expands the entire map, both the size of the nodes as well as the spacing
between them. To zoom in the current map, do one of the following:
• Select Zoom Map In from the Map menu
• Click the In icon on the icon bar
• Enter [Alt] and the [Plus] from the numeric keypad on the keyboard
Unlike the other map manipulation commands, the zoom level is not saved with the map.
Zooming Out
The Zoom Out function shrinks the entire map, both the size of the nodes as well as the spacing
between them. To Zoom Out the current map, do one of the following:
• Select Zoom Map Out from the Map menu
• Click the Out icon on the icon bar
• Enter [Alt] and the [Minus] from the numeric keypad on the keyboard
Unlike the other map manipulation commands, the zoom level is not saved with the map.
EPICenter Software Installation and User Guide
309
Network Topology Views
Unzooming the Map
The Unzoom Map function restores the map to the size it was prior to any Zoom In or Zoom Out
actions. To “unzoom” the map, do one of the following:
• Select Unzoom Map from the Map menu
• Enter [Alt]+R from the keyboard
Undoing Your Map Edits
You can undo your last ten map layout and sizing actions one by one using the Undo Map Edit
function. Each Undo Map Edit action undoes your previous editing action. To undo the most recent
edit, do one of the following:
• Select Undo Map Edit from the Map menu
• Enter [Alt]+U from the keyboard
This command does not undo delete, cut or paste of map elements. It stores only the last ten map layout
and sizing actions.
Printing a Map
You can print the current map using the Print Map function. To print a map, display the map you want
to print and then do one of the following:
• Select Print Map from the Map menu
• Click the Print icon on the icon bar
• Enter [Alt]+P from the keyboard
Printing a large map can be very memory-intensive, and can take a significant amount of time.
NOTE
Landscape mode and plotters are not supported.
Finding a Map Node
If your map has a large number of nodes, it may be difficult to quickly find a specific node you’re
interested in seeing. The Find Map Node function lets you select a node from the list of all nodes in the
current view, and will then find and “select” that node.
To find a node, do one of the following:
• Select Find Map Node... from the Map menu
• Right-click on the map background to display the pop-up menu, then select Find Map Node...
• Enter [Alt]-F from the keyboard
You are presented with a list of all the nodes in the current view (see Figure 151). The list includes the
name of the node, the IP address, the node type, and the map where it can be found. The total number
of nodes in the list is displayed at the top of the window.
310
EPICenter Software Installation and User Guide
Manipulating Topology Views and Maps
Figure 151: Finding a node in the current view
• To find a node, select the node and click the Find button.
This will display the appropriate submap, if necessary, and highlight the node you have selected.
The Find Map Node window will continue to be displayed until you dismiss it with the Close button.
You can move around among different maps and views while the Find Map Node window is
displayed.
If you change views while the Find Map Node window is displayed, the list of devices will no longer
be correct. To update the list to reflect the current view, click the Refresh button.
Setting Map Properties
There are a number of properties you can set for the current map, such as the background color or
image, node background color and style, node and link text color, and whether RMON statistics should
be enabled for the devices on this map.
To display the Map Properties window, do one of the following:
• Select Map Properties... from the Map menu
• Right-click on the map background to display the pop-up menu, then select Map Properties...
The Topology Map Properties window will appear, as shown in Figure 152.
EPICenter Software Installation and User Guide
311
Network Topology Views
Figure 152: Setting Map Properties for the current map
In this window you can do the following:
• To change the name of the map, modify the name in the Name field
• To select a background image for the map, select the image you want from the drop-down list in the
Background Image field
• To change the height and width (in pixels) for the background image, enter the number of pixels in
the Background Image Width or Background Image Height field
• To select the coordinates (in pixels) where the upper left hand corner of the background image
should be placed, enter the number of pixels in the Background Image X or Background Image Y
field
• To change the map background color, click the color bar icon labeled Map Background Color. This
displays a color selection window where you can select the color you want. You can select a color
using color swatches, or by specifying HSB or RGB values. The current color is displayed in the
small box to the right of the color bar icon.
• To change the node background color for non-transparent map nodes, click the color bar icon labeled
Node Background Color. This displays a color selection window where you can select the color you
want. You can select a color using color swatches, or by specifying HSB or RGB values. The current
color is displayed in the small box to the right of the color bar icon.
NOTE
Device nodes that display the node icon use a transparent background color. Thus, the node
background color setting is ignored for these nodes. The background color affects only submap
nodes, device hyper nodes, and device nodes that do not display a device icon.
• To set the color used to label nodes, click the color bar icon labeled Node Text Color. This displays a
color selection window where you can select a color by using color swatches, or by specifying HSB
or RGB values. The current color is displayed in the small box to the right of the color bar icon.
• To set the color of the text used to label links, click the color bar icon labeled Link Text Color. This
displays a color selection window where you can select a color using color swatches, or by
specifying HSB or RGB values. The current color is displayed in the small box to the right of the
color bar icon. The default is black.
• To use a gradient node background color (the color is shaded from light to dark to light), click the
checkbox labeled Node Gradient Background. To turn the gradient off, so that the node background
312
EPICenter Software Installation and User Guide
Displaying VLAN Information
will be a uniform solid color, click in the checkbox to remove the check mark. The default is to use a
gradient background.
• Set the Map Node Font Size to change the size of the font used for map node labels (names,
annotations, IP addresses and so on). The default is a 12 point font.
• Uncheck the Display device names checkbox to hide device names on the maps. Check the
checkbox to show the device names. The default is to display device names.
• Uncheck the Display node icons checkbox to use plain boxes to indicate map nodes instead of icons
representing specific device types. Check the checkbox to display node icons. The default is to
display device icons.
• To select whether RMON statistics should be enabled for this map, click the checkbox labeled Rmon
Statistics. When RMON statistics are on for a map, the percent utilization will be displayed for links.
RMON statistics can be enabled separately for each map in the view. The default is to have RMON
statistics disabled for the map.
NOTE
It is possible to disable RMON statistics for the Topology applet as a whole, so that the Rmon
Statistics checkbox will not have any effect. This is done setting RMON properties on the Server
Properties page of the Administration applet.
Adding Map Background Images
You can add images of your own to use as background images for topology maps by placing them in
the BackgroundImages directory in the EPICenter server installation.
Both.gif and .jpg image types are supported.
Background images are kept in the directory
<epicenter_install_dir>\extreme\gifs\topology.BackgroundImages
where <epicenter_install_dir> is the root directory of your EPICenter server installation (by default
epc4_1 in the Windows operating environment, or /opt/extreme/epc4_1 on a Solaris system).
Displaying VLAN Information
The Topology applet can provide information on the VLANs configured on the switches in a map.
VLAN information is not displayed by default.
You can view VLAN information in several ways within the Topology View applet:
• By VLAN, which highlights all devices and links on the current map with ports in a selected VLAN.
• By device, which displays a list of VLANs configured on the selected device node.
VLAN information for links is always displayed in the Map Element Description Panel whenever a link
is selected, regardless of the VLAN Display mode.
To enable the VLAN information display for devices on a map, do one of the following:
• Click the VLANs icon in the Topology applet Toolbar.
EPICenter Software Installation and User Guide
313
Network Topology Views
• Select Display from the menu bar, and then select VLAN information. This is a toggle menu item;
select it once to display VLAN information, select it again to remove the VLAN information display.
When you enable the VLAN information display, a drop down field appears in the applet Toolbar that
lists all the VLANs configured for devices on the map.
• To view VLAN information by VLAN on the current map, select the VLAN from the drop-down list. The
links and devices that are involved in the VLAN are highlighted on the map, devices and links not
in the VLAN are dimmed. Figure 153 shows the VLAN display for a single node on the map.
Figure 153: Displaying VLAN information
If a link is displayed as a broken line, this means that a VLAN with the selected name does not exist
on one of the ports in that link. This typically indicates a misconfiguration. However, it is possible
that a compatible VLAN with a different name exists on the other port, and no misconfiguration
exists. For example, you could have an untagged VLAN vlan1 on one port, and untagged VLAN
vlan2 on the other port. Thus when you select either vlan1 or vlan2 the link is displayed as a broken
line, but traffic will flow successfully between the two VLANs.
• To view the VLANs configured on a device, select the device node on the map. The Map Element
Description panel on the left-hand side of the window displays information about the VLANs
configured on a selected device node. For more detailed information about the VLANs on a device,
you can right-click on the device and select Device VLANs from the pop-up menu that appears. See
“Device VLANs” on page 320 for more information.
NOTE
If you have a large number of VLANs configured on the device, it could take a while to display the
VLANs. Do not deselect the node while this is in progress.
314
EPICenter Software Installation and User Guide
Using the Tools Menu
• To view VLANs configured on a link, select the link. VLAN configuration information for the devices
on both sides of the link is displayed in the Map Element Description panel. (Note that this
information is always displayed for links, even if you do not have the VLAN Display option
selected.)
Using the Tools Menu
Using the tools menu, you can add links to a VLAN, connect edge ports to a VLAN, and view a variety
of information about the devices represented by the nodes on the map. By selecting a function from the
Tools menu, or from the Device pop-up menu, you can invoke displays of information kept by
EPICenter for the selected device.
Mark Links Mode
The Mark Links Mode is a toggle that allows you to click on links to select them. When the toggle is
on, you can select links on different maps. EPICenter remembers all of the links from each map.
Selected links flash on the screen. Mark links mode is required for using the Add Links to VLAN
function.
To set mark links mode, select Mark Links Mode from
the Tools menu, or click the Mark icon on the icon bar
To deselect a link, click on the link.
Adding Links to a VLAN
Use the Add Links to VLAN function to add marked links to a new or existing VLAN.
To add a link to a VLAN, do the following:
• Select Mark Links Mode from the Tools menu.
• Select one or more links to be added to the VLAN.
• Select Add Links to VLAN from the Tools menu.
The Add Links to VLAN Dialog box opens, as shown in Figure 154.
EPICenter Software Installation and User Guide
315
Network Topology Views
Figure 154: Add Links to VLAN Dialog
• To add the selected link to an existing VLAN, select the VLAN from the list. You can add the VLAN
as tagged or untagged by toggling the Add selected links to VLAN as tagged checkbox.
• To add the selected link to a new VLAN, click the Add links to a new VLAN radio button, as
shown in Figure 155.
Figure 155: Add links to new VLAN dialog
• Enter the name of the new VLAN.
• Select untagged or enter tag for the VLAN.
• Select the VLAN protocol.
316
EPICenter Software Installation and User Guide
Using the Tools Menu
• To add the selected links, click OK.
For more information on creating new VLANs, see Chapter 13.
Connecting an Edge Port to a VLAN
Using the Topology applet, you can add an edge port from a selected device to a particular VLAN. As
you add the port, the map view is automatically updated to display your proposed changes.
To connect an edge port to a VLAN, select the node and do one of the following:
• Select Connect Edge Port to VLAN from the Tools menu.
• Right-click on the Device map node, then select Connect Edge Port to VLAN from the pop-up menu
that appears
This starts the Connect Edge Port to VLAN Wizard, as shown in Figure 156.
Figure 156: Connect Edge Port to VLAN Wizard
To use the wizard, do the following:
• Select the name of the VLAN from the VLAN List.
• Select the port from the Available Ports in the Device list.
• If you want to add the port as tagged, click the Add the selected port as tagged port checkbox.
• Click Next.
The second page of the Connect Port to VLAN Wizard appears, as shown in Figure 157.
EPICenter Software Installation and User Guide
317
Network Topology Views
Figure 157: Connect Port to VLAN Wizard (page 2)
If the connection from the selected edge port to the desired VLAN is viable, the Wizard displays
path information, including any additional ports that must be added to the VLAN to accommodate
the connection.
If the Wizard is unable to locate a path between the selected edge port and the desired VLAN, the
Wizard gives you the option of creating the VLAN on the selected device. However, no path from
the device to the VLAN is created.
If you try to add an edge port from a device that is already a member of the desired VLAN, the
Wizard reports that the VLAN is on the same device and that the port will be added without
changing links.
Uncheck Add calculated links if you want to add the selected edge port to the VLAN and you do
not want the found path to be added.
• Click Finish to complete the connection.
• Click Cancel to cancel the operation.
Device Alarms
The Device Alarms function runs the EPICenter Alarm System applet and displays the Alarm Browser
function to show the alarms for the selected device.
To view the Device Alarms display for a selected node, select the node and do one of the following:
• Select Device Alarms from the Tools menu
• Right-click on the Device map node, then select Device Alarms from the pop-up menu that appears
This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log
Browser and displays the alarms for the device associated with the selected Device map node.
See Chapter 5, for details on using this feature.
318
EPICenter Software Installation and User Guide
Using the Tools Menu
Device Browse
The Device Browse function runs the ExtremeWare Vista switch management interface for the selected
device.
To run ExtremeWare Vista for a selected node, select the node and do one of the following:
• Select Device Browse from the Tools menu
• Right-click on the Device map node, then select Device Browse from the pop-up menu that appears
This starts the ExtremeWare Vista login page in a new window.
Refer to the ExtremeWare Software User Guide for more information on using ExtremeWare Vista.
Device Statistics
The Device Statistics function runs the EPICenter Real-Time Statistics applet, and displays port statistics
for the selected device.
To view the Device Statistics display for a selected node, select the node and do one of the following:
• Select Device Statistics from the Tools menu
• Right-click on the Device map node, then select Device Statistics from the pop-up menu that
appears
This starts the Real-Time Statistics applet in a new window, and displays port statistics for the device
associated with the selected Device map node.
See Chapter 11 for details on using this feature.
Device Telnet
The Device Telnet function opens an EPICenter telnet window that is connected to the selected device.
To open a telnet session for a selected device, select the appropriate device node and do one of the
following:
• Select Device Telnet from the Tools menu
• Right-click on the Device map node, then select Device Telnet from the pop-up menu that appears
This starts a telnet session for the device in a new window.
See Chapter 7 for details on using this feature.
Device View
The Device View function runs the EPICenter ExtremeView applet, and displays the device front-panel
image and device information for the selected device.
To view the Device View for a selected node, select the node and do one of the following:
• Select Device View from the Tools menu
• Right-click on the Device map node, then select Device View from the pop-up menu that appears
EPICenter Software Installation and User Guide
319
Network Topology Views
This starts the ExtremeView applet in a new window and displays the front-panel image and
information for the device associated with the selected Device map node.
See Chapter 10 for details on using this feature.
Device VLANs
The Device VLANs function runs the VLAN Manager applet, and displays the VLAN configurations for
the selected device.
To view VLAN configuration information for a selected device, select the appropriate device node and
do one of the following:
• Select Device VLANs from the Tools menu
• Right-click on the Device map node, then select Device VLANs from the pop-up menu that appears
This starts the VLAN Manager in a new browser window, showing information for the selected device.
See Chapter 13 for details on using this feature.
Device Properties
The Device Properties function opens the Device Properties window and displays the properties of the
selected device.
To display properties for a selected device, select the appropriate device node and do one of the
following:
• Select Device Properties from the Tools menu
• Right-click on the Device map node, then select Device Properties from the pop-up menu that
appears
This opens a properties window for the selected device.
For information about the Device Properties window, see Chapter 4.
320
EPICenter Software Installation and User Guide
13 Using the VLAN Manager
This chapter describes how to use the VLAN Manager for:
• Viewing enterprise-wide, tagged and untagged VLAN information for Extreme (Summit and
BlackDiamond) switches managed by the EPICenter software
• Adding new tagged or untagged VLANs to Extreme devices, adding ports to those VLANs, and
modifying IP addresses
• Deleting VLANs
• Modifying VLANs
• Adding and deleting protocol filters
Overview of Virtual LANs
A Virtual LAN is a group of location- and topology-independent devices that communicate as if they
were on the same physical local area network (LAN). Extreme Networks switches have a VLAN feature
that enables you to construct broadcast domains without being restricted by physical connections.
The VLAN Manager creates and manages VLAN for Extreme Networks devices only. It does not handle
other third-party devices, even though third-party devices can be managed through the Inventory
Manager.
If you run the EPICenter client with Administrator or Manager access, you can:
• Create and delete VLANs
• Add or remove ports from existing VLANs
• Modify a VLAN’s IP address
• Enable/disable IP Forwarding
• Create and modify the protocol filters used to filter VLAN traffic
Extreme Networks switches can support a maximum of 3000 VLANs. VLANs on Extreme Networks
switches can be created according to the following criteria:
• Physical port
• 802.1Q tag
• Protocol sensitivity using Ethernet, LLC SAP, or LLC/SNAP Ethernet protocol filters
EPICenter Software Installation and User Guide
321
Using the VLAN Manager
• A combination of these criteria
In the EPICenter system, a VLAN is defined uniquely by the following:
• Name
• 802.1Q tag (if defined)
• Protocol filters applied to the VLAN
As a result, multiple switches are shown as members of the same VLAN whenever all the above are the
same.
For a more detailed explanation of VLANs, see the ExtremeWare Software User Guide.
Displaying a VLAN
When you click the VLAN icon in the EPICenter Navigation Toolbar, the VLAN Manager window is
displayed, as shown in Figure 158.
Figure 158: VLAN Manager top-level view By VLAN, showing devices organized by VLAN
The VLANs currently known to the EPICenter database are displayed in the Component Tree on the
left. The panel on the right shows summary information about each VLAN.
322
EPICenter Software Installation and User Guide
Displaying a VLAN
NOTE
You must add switches to the EPICenter database through Discovery or by using the Add function in
the Inventory Manager. Until you add a switch to the database, you cannot use EPICenter create any
VLANs on that switch.
Information about VLAN configurations is obtained when a switch is added to the database.
The VLAN Manager can display information either by VLAN (showing all the switches with ports that
are members of a specific VLAN) or by switch (showing the VLANs that have members on a specific
switch).
• Select the By VLAN button to display VLANs at the first level of the Component Tree. Listed under
each VLAN is every switch that has the VLAN defined on it (see Figure 158).
When the top level of the tree (the VLANs node) is selected, the right hand panel displays a list of
all VLANs configured on the Extreme Networks switches included to the EPICenter database. The
All VLANs display includes:
• Name—The VLAN name
• Tag—The VLAN tag value (if any) or “Untagged”
• Protocol—The protocol filter configured for the VLAN
Select an individual VLAN to view a summary of the configuration of the switches and ports that
are members of that VLAN.
• Select the By Switch button to display switches at the first level of the Component Tree. Listed
under each switch is every VLAN that is defined on the switch, as shown in Figure 159.
When the top level of the tree (the Switches node) is selected, the right hand panel displays a list of
the Extreme Networks switches known to the EPICenter database on which VLANs are configured.
EPICenter Software Installation and User Guide
323
Using the VLAN Manager
Figure 159: VLAN Manager view By Switch, showing VLANs organized by device
The Devices view includes
• Name—The switch name
• Type—An icon representing the switch type.
Select an individual switch to list the VLANs that are configured on that switch.
Viewing VLANs on a Switch
To view all VLANs configured on an individual switch, select the switch in the Component Tree of the
By Switch view.
Figure 160 shows an example of the All VLANs on Switch view.
324
EPICenter Software Installation and User Guide
Displaying a VLAN
Figure 160: VLAN topology shown by switch
The following information is displayed for each VLAN on the selected switch:
• Name—VLAN name
• Tag—VLAN tag
• Protocol—Protocol filter for the VLAN
• VLAN IP Addr—VLAN IP address
• VLAN IP Mask—VLAN IP Mask
• Ports—Ports on this switch in the VLAN
Viewing Switches in a VLAN
To view all devices configured with a specific VLAN, select the VLAN in the Component Tree of the By
VLAN view.
Figure 161 shows an example of the Devices in VLAN view.
EPICenter Software Installation and User Guide
325
Using the VLAN Manager
Figure 161: VLANs present on the selected switch
Put info here about what is shown for each switch in the selected VLAN:
• Name—Device name
• Type—An icon representing the device Type
• VLAN IP Addr—IP address of the VLAN
• VLAN IP Mask—IP Mask for the VLAN
• Ports—Ports on this switch in the VLAN
Viewing VLAN Member Ports
You can display details about the component ports of a VLAN by selecting a VLAN and switch in the
tree on the left. You can do this from either the By VLAN or By Switch view. Once you have selected a
VLAN and switch (or switch and VLAN) the panel on the right displays detailed information about the
ports in the selected VLAN and switch, as shown in Figure 162.
326
EPICenter Software Installation and User Guide
Displaying a VLAN
Figure 162: VLAN member ports on a selected switch
The port details include the following information about each port:
• Port—The port number
• Type—The port type, shown as an icon. Different icons are used to represent the port types:
10/100Mbps (
100Base-FX (
)
)
100Base-T/TX (
1000BASE-X (
)
)
Tagged ports are shown with a small orange tag (
)
Load-shared ports are indicated with a small green S (
)
• Speed—The port speed
• Duplex—The Duplex setting (Full or Half)
• State—The port state (Enabled or Disabled)
• Status—The port status (Ready or Active)
• Tagging—Whether the port is tagged or untagged
EPICenter Software Installation and User Guide
327
Using the VLAN Manager
Viewing Device Information from Pop-up Menus
From a device entry in the Component Tree (in either the By Switch or By VLAN view) you can select a
VLAN or a device and right-click to display a pop-up menu. The contents of the pop-up menu depend
on the component you have selected:
• In the By VLAN view, select a VLAN and right-click to access the Modify VLAN Membership
command.
• In the By VLAN view, select a device and right-click to display a menu containing the Modify
VLAN Membership, Alarms, Browse, EView, Statistics, Sync, Telnet, and Properties commands.
• In the By Switch view, select a device and right-click to display a menu containing the Alarms,
Browse, EView, Statistics, Sync, Telnet, and Properties commands.
• In the By Switch view, select a VLAN and right-click to access the Modify VLAN Membership
command.
The Modify VLAN Membership command lets you modify the VLAN membership of the VLAN
selected in the Component Tree. You cannot modify IP Forwarding behavior or search for device
connections.The Properties command displays the attributes for a specific device group, device, slot, or
port. The Alarms, Browse, EView, Statistics, Sync, and Telnet commands perform the same functions as
the applets in the Navigation Toolbar to the left of the page, but with information displayed for the
selected device.
Modify VLAN Membership
The Modify VLAN Membership command lets you modify the VLAN membership of the VLAN
selected in the Component Tree. You cannot modify IP Forwarding behavior or search for device
connections. See “Modifying a VLAN from the Component Tree Menu” on page 337 for details on using
this command.
Alarms
The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to
show the alarms for the selected device.
To view the Alarms display for a selected device:
• Right-click on the device, then select Alarms from the pop-up menu that appears
This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log
Browser and displays the alarms for the selected device.
See Chapter 5 for details on using this feature.
Browse
The Device Browse function runs the ExtremeWare Vista switch management interface for the selected
device.
To run ExtremeWare Vista for a selected device:
• Right-click on the device, then select Browse from the pop-up menu that appears
This starts the ExtremeWare Vista login page in a new window.
Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista.
328
EPICenter Software Installation and User Guide
Displaying a VLAN
EView
The EView function runs the EPICenter ExtremeView applet and displays the device front-panel image
and device information for the selected device.
To view the EView for a selected device:
• Right-click on the device, then select EView from the pop-up menu that appears
This starts the ExtremeView applet in a new window and displays the front-panel image and
information for the selected device.
See Chapter 10 for details on using this feature.
Statistics
The Device Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics
for the selected device.
To view the Device Statistics display for a selected device:
• Right-click on the device, then select Device from the pop-up menu that appears
This starts the Real-Time Statistics applet in a new window and displays port statistics for the selected
device.
See Chapter 11 for details on using this feature.
Sync
Sync is a manual update of the regular data gathering mechanisms. Use Sync when you think that the
device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to
poll the switch and update all configuration and status information.
To launch the synchronization procedure for a selected device:
• Right-click on the device, then select Sync from the pop-up menu that appears.
This starts the Sync procedure for the selected device.
See Chapter 7 for details on using this feature.
Telnet
The Telnet function opens an EPICenter telnet window that is connected to the selected device.
To open a telnet session for a selected device:
• Right-click on the device, then select Telnet from the pop-up menu that appears
This starts a telnet session for the device in a new window.
See Chapter 7 for details on using this feature.
EPICenter Software Installation and User Guide
329
Using the VLAN Manager
Properties
The Properties function lets you view the attributes for a selected device. The Device Properties window
has five tabs at the top of the window:
• Device
• VLAN
• STP
• Network Login/802.1x
• Syslog Messages
Each tab displays the name of the device and a status “light” which shows the status of the device as
detected by EPICenter.
The Device Tab. The Device tab displays information about the device such as its IP address, MAC
address, and boot time. The main section of the window presents the same information you can view in
the Inventory Manager for the device. If the device is an Extreme device, the ExtremeWare software
running in the switch provides comprehensive status information.
The VLAN Tab. The VLAN tab lists the VLANs configured on the device.
The STP Tab. The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There
may be more than one entry per STPD if the domain includes multiple VLANs.
The Network Login/802.1x Tab. The Network Login/802.1x tab lists the Network Login/802.1x
information about each user connected to the device.
The Syslog Messages Tab. The Syslog Messages tab lists information about the most recent 500
Syslog Messages received from the device.
For more details about the Device Properties window, see“Device Properties” on page 117 in Chapter 4.
Adding a VLAN
Users with Administrator or Manager access can create VLANs on the Extreme Networks switches
managed by the EPICenter software. If you have Monitor access only, you can not use this function.
To add a new VLAN, do the following:
1 Click the Add button in the VLAN Manager Toolbar.
The Add VLAN dialog box, Properties & Ports page is displayed, as shown in Figure 163.
330
EPICenter Software Installation and User Guide
Adding a VLAN
Figure 163: Add VLAN dialog, Properties and Ports page
2 Enter a descriptive name for the VLAN. The name must begin with a letter followed by up to 31
characters. See the ExtremeWare Software User Guide for details on VLAN naming.
3 Select an entry from the pull-down Protocol Filter list. This selection determines what protocol (if
any) is used to determine membership in this VLAN. If you do not want to specify a protocol, select
ANY. This means the filtering rules will match all unfiltered protocols.
4 If the VLAN is to be tagged, enter a 802.1Q tag value in the Tag field. The tag value can be a number
between 2 and 4095. By entering a tag number, you enable tagging for this VLAN. Enter the text
“untagged” or 0 (zero) to indicate that the VLAN is to be untagged.
5 To add a port to the VLAN, first select the switch from the Available Switches list. This displays a
list of ports on the switch that are available to be included in the VLAN.
NOTE
The Available Ports list does not include ports configured as slave load sharing ports.
6 Select one or more ports from the Available Ports list.
7 Click Tagged to add the port as a tagged port. Click Untagged to add the port as an untagged port.
If this is an untagged VLAN, you are not able to add a tagged port.
If you add a port untagged, EPICenter must remove it from any other VLAN that includes the port
as an untagged member and that uses the same protocol as the VLAN to which you are adding the
port. EPICenter will warn you and let you confirm that this is what you want.
You can add a switch to a VLAN as a unit—just select the switch without selecting any ports, and
click Tagged or Untagged to add the switch to the VLAN.
8 To remove a port from the VLAN, select the port from the Ports in VLAN list, and then click
Remove.
EPICenter Software Installation and User Guide
331
Using the VLAN Manager
9 After you add a device and port to the VLAN, you can use the Connect Device button to determine
whether that port can connect to the other members of the VLAN.
• Select the device you want to check.
• Click the Connect Device button.
If EPICenter can find a path from the device and port to another member of the VLAN, it opens a
Connection Information window that displays information about the path, as shown in Figure 164.
Figure 164: Connection Information window
If additional ports or devices and ports must be added to create a path, EPICenter lists the ports
needed, and offers to add them to the VLAN.
• Click Yes to add the ports.
• Click No to close the Connection Information window without adding the ports.
If EPICenter cannot find a path, it displays an error window.
10 When you have finished adding ports to the VLAN, click Apply to implement the changes.
The VLAN is created on the switches whose ports are members of the new VLAN.
Once you have added a VLAN, you can specify an IP address and mask for the VLAN on each switch,
and also enable or disable IP Forwarding.
1 Select the IP Forwarding tab at the top of the Add VLAN window.
The IP Forwarding page is displayed, as shown in Figure 165.
332
EPICenter Software Installation and User Guide
Deleting a VLAN
Figure 165: Add VLAN dialog, IP Forwarding page
2 Select a switch from the table of switches.
3 Enter an IP address and IP mask. Click the Enable IP Forwarding check box to enable IP forwarding
for this VLAN on the switch.
4 Click Apply to implement the changes.
5 Click Close to exit the window.
Deleting a VLAN
Users with Administrator or Manager access can delete VLANs from Extreme Networks switches
managed by the EPICenter software. If you have only Monitor access, you cannot use this function.
To delete a VLAN, follow these steps:
1 Click the Delete button in the VLAN Manager Toolbar.
The Delete VLAN dialog is displayed, as shown in Figure 166.
EPICenter Software Installation and User Guide
333
Using the VLAN Manager
Figure 166: The Delete VLAN page
2 Select the VLAN you want to delete.
3 Click Delete.
The VLAN is deleted from all the switches on which it exists.
4 Click Close to exit the window.
If any of the switches are offline or unreachable, the VLAN remains with only those switches as a
member.
Modifying a VLAN
Users with Administrator or Manager access can modify the properties of a VLAN, and add and
remove ports from the VLAN. If you have only Monitor access, you can not use this function.
You can start the Modify VLAN process in two ways:
• Click the Modify icon in the VLAN Manager toolbar.
Using this method you can modify both the VLAN membership (devices and ports) and properties
(tag and protocol filter) and modify the IP Forwarding behavior. You can also search for device
connections between devices in the VLAN.
If you select a VLAN before you click the Modify button, the Modify VLAN window will contain
information on the VLAN you selected. If you do not select a VLAN beforehand, you can select one
from within the Modify VLAN window.
See “Modifying a VLAN from the Toolbar” on page 335 for details.
334
EPICenter Software Installation and User Guide
Modifying a VLAN
• Select a VLAN in the Component Tree, right-click to display the pop-up menu, and select Modify
VLAN Membership.
Using this method you can modify only the VLAN membership of the VLAN selected in the
Component Tree. You cannot modify IP Forwarding behavior or search for device connections. See
“Modifying a VLAN from the Component Tree Menu” on page 337 for details.
Modifying a VLAN from the Toolbar
To start the Modify VLAN process from the Toolbar, follow these steps:
1 Click the Modify button in the VLAN Manager Toolbar.
The Modify VLAN dialog, Properties & Ports page is displayed, as shown in Figure 167.
Figure 167: The Modify VLAN dialog, Properties and Ports page
2 Select a VLAN from the drop-down list in the VLAN Name field.
The current values for the VLAN are displayed.
NOTE
The Ports in VLAN list does not display SummitLink ports, because you cannot modify them.
3 To change the Protocol Filter selection, select a different entry from the pull-down Protocol Filter list.
4 To change the VLAN tag, type a new value into the Tag field.
To disable tagging for the VLAN, type “untagged” or 0 (zero) into the Tag field.
5 To remove a port from the VLAN, select the port in the Ports in VLAN list, and click Remove.
6 To add a port to the VLAN, first select the switch from the Available Switches list. This displays a
list of ports on the switch that are available to be included in the VLAN.
NOTE
The Available Ports list does not include ports configured as slave load sharing ports.
EPICenter Software Installation and User Guide
335
Using the VLAN Manager
7 Select one or more ports from the Available Ports list.
8 Click Tagged to add the ports as a tagged ports. Click Untagged to add the ports as an untagged
ports.
If this is an untagged VLAN, you cannot add a tagged port. The tagged button will be greyed out in
this case.
If you add a port untagged, EPICenter must remove it from any other VLAN that includes the port
as an untagged member and that uses the same protocol as the VLAN to which you are adding the
port. EPICenter will warn you and let you confirm that this is what you want.
You can add a switch to a VLAN as a unit—just select the switch without selecting any ports, and
click Tagged or Untagged to add the switch to the VLAN.
9 After you add a device and port to the VLAN, you can use the Connect Device button to determine
whether that port can connect to the other members of the VLAN.
• Select the device you want to check.
• Click the Connect Device button.
If EPICenter can find a path from the device and port to another member of the VLAN, it opens a
Connection Information window that displays information about the path, as shown in Figure 164.
If additional ports or devices and ports must be added to create a path, EPICenter lists the ports
needed, and offers to add them to the VLAN.
• Click Yes to add the ports.
• Click No to close the Connection Information window without adding the ports.
If EPICenter cannot find a path, it displays an error window.
10 When you have finished adding and removing ports, click Apply to implement the changes.
If all ports of a switch are removed from the VLAN, the VLAN is deleted from that switch.
If a port on a new switch is added to the VLAN, then the VLAN is created on that switch.
11 To modify the IP address and mask for a VLAN on a switch, and to enable or disable IP Forwarding,
select the IP Forwarding tab at the top of the Add VLAN window.
The IP Forwarding page is displayed, as shown in Figure 165.
336
EPICenter Software Installation and User Guide
Modifying a VLAN
Figure 168: The Modify VLAN dialog, IP Forwarding page
12 Select a switch from the table of switches.
13 Change the IP address and IP mask as appropriate. Click the Enable IP forwarding check box to
enable or disable IP forwarding for this VLAN on the switch.
14 Click Apply to implement the changes.
15 Click Close to exit the window.
Modifying a VLAN from the Component Tree Menu
To start the Modify VLAN process for a VLAN in the Component Tree, follow these steps:
1 Select a VLAN in the Component Tree.
2 Right-click to display the pop-up menu, and select Modify VLAN Membership.
The Modify Membership of VLAN dialog opens, as shown in Figure 169.
EPICenter Software Installation and User Guide
337
Using the VLAN Manager
Figure 169: Modify Membership of VLAN window
3 To add a port to the VLAN, first select the switch in the Component Tree on the left. The Resource
Table displays a list of ports on the selected switch that are available to be included in the VLAN.
NOTE
The list of port resources does not include ports configured as slave load sharing ports.
4 Select one or more ports from the port resources list.
5 Click Add Tagged to add the port as a tagged port. Click Add Untagged to add the port as an
untagged port.
If this is an untagged VLAN, you cannot add a tagged port. The tagged button will be greyed out in
this case.
NOTE
If you add a port untagged, EPICenter automatically removes it from any other VLAN that includes
the port as an untagged member and that uses the same protocol as the VLAN to which you are
adding the port.
You can add a switch to a VLAN as a unit—just select the switch without selecting any ports, and
click Add Tagged or Add Untagged to add the switch to the VLAN.
6 To remove ports from the VLAN, select one or more ports in the Current VLAN Port Members list,
and click Remove.
7 To remove all ports from the VLAN, click Remove All.
8 When you are finished making changes, click OK. To cancel all changes, click Cancel.
Adding and Deleting Protocol Filters
Users with Administrator or Manager access can view, add, and delete protocol filter definitions. If you
have Monitor access, you can view filter definitions, but not add or delete them.
338
EPICenter Software Installation and User Guide
Adding and Deleting Protocol Filters
To view, delete, or add protocol filter definitions, do the following:
1 Click Protocol Filters in the VLAN Manager.
The View/Delete page of the Protocol Panel dialog box is displayed, as shown in Figure 170.
Figure 170: Protocol Panel dialog box, View/Delete page
.
This page shows all the protocol filters configured within the EPICenter database. Any filters that are
in use by a VLAN are indicated with an asterisk (*) in the In Use column.
2 To delete a protocol filter, select a filter in the list, and click Delete.
This deletes the protocol filter from all Extreme Networks switches managed by the EPICenter
software, as well as from the EPICenter database.
NOTE
If a filter is in use by a VLAN, you cannot delete it.
3 Click Close to exit the window.
To add a protocol filter, follow these steps:
1 Click the Add tab at the top of the Protocol Panel dialog box to display the Add Protocol page, as
shown in Figure 171.
Figure 171: Protocol Panel dialog box, Add Protocol page
.
EPICenter Software Installation and User Guide
339
Using the VLAN Manager
2 Enter a descriptive name for the Protocol. The name must begin with a letter followed by up to 31
characters. See the ExtremeWare Software User Guide for details on naming.
3 Select a protocol type from the pull-down list in the type column.
4 Type a corresponding four-digit hexadecimal filter value in the value field.
5 Repeat steps 3 and 4 to enter up to six type-value pairs.
6 When you have finished entering the definition, click Add to add the new protocol filter to the
EPICenter database.
NOTE
The protocol filter is now available to be used on any switch, but is not created on any switches at
this time. The protocol filter is created on a switch only when you create or modify a VLAN to use
the new protocol filter on that switch. The database acts as a collective store for network data
without needing to replicate it on every switch.
7 Click Close to exit the window.
340
EPICenter Software Installation and User Guide
14 The Spanning Tree Monitor
This chapter describes how to use the EPICenter Spanning Tree Monitor module for:
• Viewing the configuration and status of STP domains
• Viewing the status and configuration of VLANs associated with an STP domain
• Viewing the status and configuration of devices and ports associated with an STP domain
NOTE
In order for the EPICenter server to acquire information about a device’s STPD configuration, that
device must be running ExtremeWare 6.2.2 or later. Prior to version 6.2.2, the ExtremeWare SNMP
agent did not provide Spanning Tree information.
Overview of the Spanning Tree Monitor
The EPICenter Spanning Tree Monitor module displays information about STP domains at the domain,
VLAN, device, and port levels.
STP is a bridge-based mechanism for providing fault tolerance on networks. In the Extreme Networks
implementation of STP, a switch can be partitioned into multiple virtual bridges. Each virtual bridge can
run an independent Spanning Tree instance, called a Spanning Tree Domain (STPD). Each STP domain
has its own root bridge and active path. After an STPD is created, one or more VLANs can be assigned
to it, depending on the mode of the ports.
The default switch configuration includes a single STP domain called s0. The default VLAN is a
member of STPD s0.
STP ports can run in one of three modes:
• 802.1D mode. which conforms to the IEEE 802.1D standard.
• Extreme Multiple Instance Spanning Tree Protocol (EMISTP) mode, an Extreme implementation of
STP that allows a port to belong to multiple STP domains. This is the default on Extreme switches.
• Enhanced Per-VLAN Spanning Tree Protocol (PVST+) mode, an STP implementation widely
deployed on many vendors’ switches, that is interoperable with 802.1Q spanning tree.
A physical port can belong to multiple STPDs through membership in multiple VLANs, if the port is in
EMISTP mode. In addition, a single VLAN can span multiple STPDs.
EPICenter Software Installation and User Guide
341
The Spanning Tree Monitor
STP configuration must be done through the EPICenter Telnet applet or through the ExtremeWare
command line interface. The STP monitor displays summary and detailed STP configuration
information about the devices being managed by the EPICenter server. It allows you to view STP
configuration information network-wide rather than only device by device as is the case through the
ExtremeWare CLI.
The EPICenter server receives STP topology information through traps from the SNMP agent in the
switch, and through polling. Not all STP-related changes generate traps—for example, updating the root
port and path cost for the previous root when the root changes. The EPICenter server relies on device
polling to detect these types of changes. However, device polling by default is only done every 90
minutes, so if you want STP status updated more frequently, you may want to group your STP devices
into their own device group and change the polling interval to a more appropriate interval.
For more details on STP, see the ExtremeWare Software User Guide.
Displaying STP Domain Information
Click the STP button in the EPICenter Navigation Toolbar to run the Spanning Tree Monitor module. The
STP Domains window appears, as shown in Figure 172.
Figure 172: STP Domains view
This view, displayed when the root node of the Component Tree is selected, shows information about
the STP domains configured on the devices managed by the EPICenter server that are running
ExtremeWare 6.2.2 or later.
342
EPICenter Software Installation and User Guide
Displaying STP Domain Information
Under the root node the Component Tree displays all the STP domains identified by the EPICenter
server. The VLANs included in the domain are listed as subcomponents of the domain. The VLANs in
turn show the devices with ports that are members of the VLAN within the domain.
NOTE
Devices running earlier versions of ExtremeWare may also have Spanning Tree domains configured
and enabled, but the EPICenter server is unable to obtain information about these domains because
SNMP agent support for STP was added in version 6.2.2.
The information presented for each STP domain includes:
• Name: The name of the STP domain.
• Tag: The 802.1Q tag of one of the wholly-contained VLANs in the domain.
• Root: The device name, IP address, or MAC address of the device configured as the designated root
of this STP domain. If STP is disabled for this domain, this field is blank.
• Root Max Age: The maximum allowable age for STP information learned by the root for this
domain. If this age is reached, the current information is discarded and the Spanning Tree is
recalculated. Value is in seconds.
• Root Hello Time: The interval between transmission of Configuration BPDUs by the root for this
domain. Value is in seconds.
• Root Forward Delay: The forward delay time being used by the root for this domain. The forward
delay is the time that a bridge remains in the learning and listening states, not forwarding data.
Value is in seconds.
• VLANs: The number of VLANs participating in this domain.
• Devices: The number of devices participating in this domain.
• Ports: The total number of ports participating in this domain, if the domain is enabled.
NOTE
If an untagged STP domain spans multiple switches and is configured with different tags on different
switches, it may appear as separate STP domains in EPICenter’s STP Monitor.
EPICenter Software Installation and User Guide
343
The Spanning Tree Monitor
Displaying STP VLAN Configurations
Select a specific STP domain in the Component Tree to view summary information about the VLANs in
the selected domain. When you select an STP domain, the STP VLAN view appears, as shown in
Figure 173.
Figure 173: STP VLANs view
This view shows information about the VLANs in the selected domain.
The information presented for each VLAN in the domain includes:
• Name: The name of the VLAN.
• Devices: The number of devices participating in this VLAN for this domain.
• Ports: The number of ports participating in this VLAN in this domain, if the domain is enabled. This
will be zero if the STP domain is disabled on the bridge.
The panel at the bottom of this view shows summary information about the STP domain in which these
VLANs are included.
Displaying STP Device Configurations
Select a specific STP VLAN in the Component Tree to view summary information about the devices in
the selected VLAN that participate in the STP domain. When you select a VLAN, the STP Devices view
appears, as shown in Figure 174.
344
EPICenter Software Installation and User Guide
Displaying STP Domain Information
Figure 174: STP Devices view
This view shows information about the devices participating in the selected VLAN within this domain.
The information presented for each device includes:
• Name: The name of the device.
• State: The state of STP on this domain (enabled or disabled). If disabled, most of the remaining fields
are zero.
• Configured Tag: The 802.1Q tag of one of the VLANs in the domain, as configured by the user.
• Root: Indicates whether this device is currently the STP root bridge for this domain (Yes or No).
• Root Port: The port with the best path to the root bridge. It this device is the root bridge, this will be
zero.
• Root Path Cost: The cost of the path from this bridge to the root bridge. If this device is the root
bridge, the cost will be zero.
• Designated Bridge: Indicates whether this device is a designated bridge (transmits configuration
BPDUs to other bridges on any of its ports).
• Priority: The bridge priority of this bridge for this STP domain.
• Max Age: The maximum allowable age for STP information as determined by the root for this
domain. If this age is reached, the current information is discarded and the Spanning Tree is
recalculated. Value is in seconds.
• Hello Time: The interval between transmission of Configuration BPDUs by the root for this domain.
Value is in seconds.
• Forward Delay: The actual forward delay time as determined by the root for this STP domain. Value
is in seconds.
EPICenter Software Installation and User Guide
345
The Spanning Tree Monitor
• Hold Time: The time during which no more than two configuration BPDUs can be transmitted by
this node. Value is in seconds.
• Ports: The number of ports on this bridge participating in this VLAN in this domain, if the domain
is enabled. This will be zero if the STP domain is disabled on the bridge.
The panel at the bottom of this view shows summary information about the STP domain and VLAN
with which these devices are associated.
Displaying STP Port Information
Select a device in the Component Tree to view information about the ports on the device that are
members of the selected VLAN and STP domain. When you select a device, the STP Ports view appears,
as shown in Figure 175.
Figure 175: STP Ports view
This view shows information about ports on the selected device that are participating in an enabled STP
domain. The information presented for each port includes:
• Port: The device and port number.
• STP State: Whether STP is enabled or disabled on this port.
• State: The state of the port: Disabled, Blocking, Listening, Learning, or Forwarding
• Mode: The port mode (802.1D, PVST or EMISTP).
• Priority: The port priority of this port in this STP domain.
• Port Cost: This port’s contribution to the cost of the path from this port to the root bridge for this
STP domain.
346
EPICenter Software Installation and User Guide
Viewing STP Domain Properties from Pop-Up Menus
• Designated Cost: The total cost of the path from this port (the Designated Port) to the root bridge
for this STP domain.
• Link: The switch and port at the other side of the link.
The panel at the bottom of this view shows summary information about the STP domain, VLAN and
device with which these ports are associated.
NOTE
If the domain is disabled, the port table will be empty.
Viewing STP Domain Properties from Pop-Up Menus
You can right-click on a STP Domain entry or a VLAN entry in the Component Tree to display the
Properties command.
• To view properties for an STP Domain, right-click on an STP Domain name, then click Properties.
• To view properties for a VLAN, right-click on a VLAN name, then click Properties.
• To view properties for a device, right-click to display a menu containing Alarms, Browse, EView,
Statistics, Sync, Telnet, VLANs, and Properties commands.
STP Properties
The STP Properties window displays the following information:
• Name: The name of the STP domain.
• Tag: The 802.1Q tag of one of the wholly-contained VLANs in the domain.
• Root: The device name, IP address, or MAC address of the device configured as the designated root
of this STP domain. If STP is disabled for this domain, this field is blank.
• Root Max Age: The maximum allowable age for STP information learned by the root for this
domain. If this age is reached, the current information is discarded and the Spanning Tree is
recalculated. Value is in seconds.
• Root Hello Time: The interval between transmission of Configuration BPDUs by the root for this
domain. Value is in seconds.
• Root Forward Delay: The forward delay time being used by the root for this domain. The forward
delay is the time that a bridge remains in the learning and listening states, not forwarding data.
Value is in seconds.
• Number of VLANs: The number of VLANs participating in this domain.
• Number of Devices: The number of devices participating in this domain.
• Number of Ports: The total number of ports participating in this domain, if the domain is enabled.
Click OK to close the window.
EPICenter Software Installation and User Guide
347
The Spanning Tree Monitor
VLAN Properties
The VLAN Properties window displays the following information:
• Name: The VLAN name
• Tag: The VLAN tag value (if any) or “Untagged”
• Protocol: The protocol filter configured for the VLAN
Click OK to close the window.
The Device Pop-Up Menu
When you right-click on a device in the Component Tree, the pop-up menu contains Alarms, Browse,
EView, Statistics, Sync, Telnet, VLANs, and Properties commands.
Alarms
The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to
show the alarms for the selected device.
To view the Alarms display for a selected device:
• Right-click on the device, then select Alarms from the pop-up menu that appears
This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log
Browser and displays the alarms for the selected device.
See Chapter 5 for details on using this feature.
Browse
The Device Browse function runs the ExtremeWare Vista switch management interface for the selected
device.
To run ExtremeWare Vista for a selected device:
• Right-click on the device, then select Browse from the pop-up menu that appears
This starts the ExtremeWare Vista login page in a new window.
Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista.
EView
The EView function runs the EPICenter ExtremeView applet and displays the device front-panel image
and device information for the selected device.
To view the EView for a selected device:
• Right-click on the device, then select EView from the pop-up menu that appears
This starts the ExtremeView applet in a new window and displays the front-panel image and
information for the selected device.
See Chapter 10 for details on using this feature.
348
EPICenter Software Installation and User Guide
Viewing STP Domain Properties from Pop-Up Menus
Statistics
The Device Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics
for the selected device.
To view the Device Statistics display for a selected device:
• Right-click on the device, then select Device from the pop-up menu that appears
This starts the Real-Time Statistics applet in a new window and displays port statistics for the selected
device.
See Chapter 11 for details on using this feature.
Sync
Sync is a manual update of the regular data gathering mechanisms. Use Sync when you think that the
device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to
poll the switch and update all configuration and status information.
To launch the synchronization procedure for a selected device:
• Right-click on the device, then select Sync from the pop-up menu that appears.
This starts the Sync procedure for the selected device.
See Chapter 4 for details on using this feature.
Telnet
The Telnet function opens an EPICenter telnet window that is connected to the selected device.
To open a telnet session for a selected device:
• Right-click on the device, then select Telnet from the pop-up menu that appears
This starts a telnet session for the device in a new window.
See Chapter 7 for details on using this feature.
VLANs
The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently known to
the EPICenter database.
To view the VLANs for a selected device:
• Right-click on the device, then select VLANs from the pop-up menu that appears
This starts the VLAN applet in a new window and displays the VLANs currently know to the
EPICenter database.
See Chapter 13 for details on using this feature.
EPICenter Software Installation and User Guide
349
The Spanning Tree Monitor
Properties
The Properties function lets you view the attributes for a selected device. The Device Properties window
has five tabs at the top of the window:
• Device
• VLAN
• STP
• Network Login/802.1x
• Syslog Messages
Each tab displays the name of the device and a status “light” which shows the status of the device as
detected by EPICenter.
The Device Tab. The Device tab displays information about the device such as its IP address, MAC
address, and boot time. The main section of the window presents the same information you can view in
the Inventory Manager for the device. If the device is an Extreme device, the ExtremeWare software
running in the switch provides comprehensive status information.
The VLAN Tab. The VLAN tab lists the VLANs configured on the device.
The STP Tab. The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There
may be more than one entry per STPD if the domain includes multiple VLANs.
The Network Login/802.1x Tab
The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected
to the device.
The Syslog Messages Tab
The Syslog Messages tab lists information about the most recent Syslog Message received from the
device.
For more details about the Device Properties window, see“Device Properties” on page 117 in Chapter 4.
350
EPICenter Software Installation and User Guide
15 The ESRP Manager
This chapter describes how to use the EPICenter ESRP Manager applet for:
• Viewing the status of ESRP-enabled VLANs and the ESRP-enabled switches in those VLANs
Overview of the ESRP Manager
The Extreme Standby Router Protocol (ESRP) is a feature of ExtremeWare that allows multiple switches
to provide redundant layer 3 routing services, as well as layer 2 redundancy, to users. The ESRP
Manager displays the status of ESRP-enabled VLANs and the ESRP-enabled switches in those VLANs.
You can view a summary status for all the ESRP-enabled VLANs being monitored by EPICenter. You
can also view detailed information for an individual ESRP-enabled VLAN and the switches in those
VLANs.
NOTE
This chapter does not discuss ESRP functionality in any detail. For more information about ESRP, see
the ExtremeWare Software User Guide, versions 6.0 or later.
To start the ESRP Manager applet, click the ESRP button in the EPICenter Navigation Toolbar. The
ESRP Manager applet appears, initially displaying a summary status of the ESRP-enabled VLANs
known to EPICenter, as shown in Figure 176.
EPICenter Software Installation and User Guide
351
The ESRP Manager
Figure 176: ESRP Manager showing summary ESRP-enabled VLAN status
This display shows a summary of the ESRP configuration for each ESRP-enabled VLAN.
The information displayed is as follows:
• VLAN Name—The name of the ESRP-enabled VLAN.
• Master Switch—The name, if known, or MAC address of the switch currently designated as the
Master switch. If this switch is being managed by EPICenter (is included in EPICenter’s Inventory
database) the name will appear. If the switch is not known to EPICenter, the MAC address will
appear.
• IP Address—The IP address of the ESRP-enabled VLAN. If the master switch is not known to
EPICenter, this will be “N/A.”
• Group—The ESRP group to which this ESRP-enabled VLAN belongs in a broadcast domain that
contains multiple instances of ESRP (multiple ESRP groups). The names of the ESRP-enabled VLANs
participating in the same group must be identical.
• Election Algorithm—The ESRP election algorithm in use for this VLAN. The election algorithm
determines the order of precedence of the election factors used to determine the ESRP Master. The
election factors are:
— Ports: the number of active ports (the switch with the highest number takes priority)
— Track: whether the switch is using ESRP tracking (a switch using tracking has priority)
— Priority: a user-defined priority number between 0 and 254 (a higher number has higher priority)
— MAC: the switch MAC address (a higher-number address has priority)
352
EPICenter Software Installation and User Guide
Viewing ESRP Detail Information
The election algorithm can be one of the following:
— ports_track_priority_mac (the default): This algorithm considers active ports first, then
tracking, then priority, then the MAC address to determine the ESRP Master. This is the only
algorithm supported for ExtremeWare releases prior to version 6.0
— track_ports_priority_mac
— priority_ports_track_mac
— priority_track_ports_mac
— priority_mac_only: only considers priority and the MAC address
See the ExtremeWare Software User Guide, version 6.1 or later, for details.
NOTE
The ESRP election algorithm must be identical on all switches in an ESRP group. If it is not, serious
problems may arise.
• Hello Timer—This is the interval, in seconds, for exchanging keep-alive packets between the ESRP
switches for this ESRP-enabled VLAN. Also known as the ESRP timer. The default is 2 seconds.
Viewing ESRP Detail Information
You can display detailed ESRP information for the switches in an individual ESRP-enabled VLAN by
clicking on the VLAN name in the Component Tree in the left-hand panel of the window. This displays
a status window similar to the one shown in Figure 177.
Figure 177: ESRP detail for an individual ESRP-enabled VLAN
EPICenter Software Installation and User Guide
353
The ESRP Manager
ESRP trap events will also be recorded in the EPICenter Event Log, which you can view using the
EPICenter Event Log Report (see Chapter 17). ESRP state change traps will be recorded in the EPICenter
Alarm Log (see Chapter 5).
NOTE
ESRP Traps are not implemented in ExtremeWare versions 4.x or 5.x. Thus, for switches running those
versions of ExtremeWare, state changes and other ESRP updates will only be reflected after the next
device polling interval.
Note that an ESRP-enabled VLAN can be monitored by EPICenter as long as at least one of its
ESRP-enabled switches is managed by EPICenter (i.e. is included in EPICenter’s device database). If
there are other ESRP-enabled switches in that VLAN, their ESRP status will also be displayed in the
ESRP Manager, even if they are not being managed by EPICenter.
The Detailed ESRP Information view displays the following information:
• Switch Name—The name of the switch, if known. (If the switch is not being managed by EPICenter,
this field will contain “N/A.”)
• MAC—The MAC address of this switch.
• State—The current state of the switch—Master or Slave.
• Priority—A user-defined value, between 0 and 254, which can be used by the ESRP election
algorithm in determining which switch is the Master switch. The default is 0.
• To Master—The number of times this switch has transitioned to become a Master.
• To Slave—The number of times this switch has transitioned to become a Slave.
NOTE
The number of Master and Slave transitions cannot be obtained from versions of ExtremeWare prior
to version 6.1.6. For switches running earlier versions of ExtremeWare, the display defaults to “N/A.”
NOTE
If some of the ESRP-enabled switches in an ESRP-enabled VLAN are not managed by EPICenter,
the ToMaster and ToSlave values for those switches will not be updated until the next device polling
interval.
• Active Ports—The number of active ports in this ESRP-enable VLAN.
• Tracked Ports—The number of tracked ports that are currently active.
• Tracked Routes—The number of tracked IP routes that are currently active.
• Tracked Pings—The number of tracked ping responders that are responding successfully.
NOTE
The number of Tracked Pings cannot be obtained from versions of ExtremeWare prior to version
6.1.6. For switches running earlier versions of ExtremeWare, the display defaults to zero.
354
EPICenter Software Installation and User Guide
16 Administering EPICenter
This chapter describes how to use the Administration applet for the following:
• Changing your own user password, for users without Administration access
• Adding and deleting EPICenter users
• Setting and modifying user permissions for both the EPICenter and ExtremeWare software
• Configuring the EPICenter server as a RADIUS client or a RADIUS server for user authentication
• Enabling or disabling EPICenter Syslog receiver functionality
• Modifying EPICenter server properties to change settings such as polling rates, time-outs, port
assignments and other similar settings
• Configuring EPICenter for a distributed server configuration
Overview of User Administration
In order to log in to the EPICenter server and use its management features, you must have a user name
and password. An EPICenter administrator can create and modify EPICenter user accounts, passwords,
and account permissions through the Administration applet. Individual users, regardless of their access
permissions, can change their own password using the Administration applet.
The EPICenter server and its Remote Authentication Dial In User Service (RADIUS) server can be used
for user authentication, both for EPICenter server access and Extreme Networks switch access. The
Administration applet provides an interface for configuring the RADIUS server.
Finally, the Administration applet provides an interface that allows an EPICenter administrator to
modify a number of properties that affect the performance and configuration of the EPICenter server.
These properties are stored in the EPICenter database along with other EPICenter data.
Controlling EPICenter Access
The EPICenter server provides three levels of access to EPICenter functions:
• Monitor — users who can view status information and statistics.
• Manager — users who can modify device parameters as well as view status information and
statistics.
EPICenter Software Installation and User Guide
355
Administering EPICenter
• Administrator — users who can create, modify and delete user accounts as well as perform all the
functions of a user with Manager access.
The EPICenter server provides two default users:
• “admin” with Administrator access
• “user” with Monitor access
The two default users do not initially have passwords. All other user names must be added and enabled
by an Administrator user.
Regardless of your access level, you can run the Administration applet and change your own password.
Users with Administrator access can add and delete users and assign user access levels.
NOTE
The EPICenter user accounts are separate from the Extreme switch user accounts. You can configure
both through the EPICenter software, or you can have switch access independently of the EPICenter
software.
ExtremeWare Software Access
Through the EPICenter software, two levels of access to Extreme switches can be enabled:
• User — Users who can view device status information and statistics, but cannot modify any
parameters.
• Administrator — Users who can modify device parameters as well as view status information and
statistics.
These permissions enable access to Extreme Networks switches through Telnet or ExtremeWare Vista.
The use of the RADIUS server avoids the need to maintain user names, passwords, and access
permissions in each switch, and instead centralizes the configuration in one location in the EPICenter
server.
The EPICenter RADIUS Server
The EPICenter software incorporates a basic RADIUS server for user authentication. RADIUS provides a
standard way for the EPICenter software and Extreme Networks switches to handle user authentication,
permitting the unification of the Extreme Networks CLI, ExtremeWare Vista, and EPICenter user
authentication. The EPICenter server can be configured to act either as a RADIUS server or a RADIUS
client. RADIUS authentication is disabled by default.
ExtremeWare versions 4.1 and later support the RADIUS server for authentication and can act as
RADIUS clients.
Setting EPICenter Server Properties
The server properties interface allows an EPICenter administrator to modify a number of parameters
that affect server performance and function. These include communication parameters such as polling
intervals, time-outs, port usage, number of retries, setting Scalability mode, and a number of other
parameters.
356
EPICenter Software Installation and User Guide
Starting the EPICenter Client for the First Time
Starting the EPICenter Client for the First Time
The two default users, admin and user, do not initially have passwords.
It is strongly recommended that you log in the first time with the user name admin, and immediately
change the admin password. You can then add other users with Manager, Monitor, or Administrator
access.
To run the EPICenter client interface for the first time:
1 Launch the EPICenter client.
The EPICenter Login page appears.
2 Select or enter the host name or IP address and port of the EPICenter server.
3 Type the user name admin in the User field.
4 Leave the Password field empty.
5 Click Login. The Network Summary Report page appears.
6 Click Admin in the Navigation Toolbar to access the Administration functions of the EPICenter
server.
The User Administration page appears, as shown in Figure 178. The only users are “admin” and
“user.”
Figure 178: User Administration window
EPICenter Software Installation and User Guide
357
Administering EPICenter
Changing the Admin Password
To change the Admin password:
1 Click the tab at the top of the page to display the User Administration page, if necessary.
2 Select the user admin in the User list.
3 Click Modify.
The Edit User window appears, as shown in Figure 179.
Figure 179: Edit User window
4 Type a new password in the Password field.
5 Type the password again in the Verify Password field.
6 Click OK.
The new admin password is stored in the EPICenter database. You cannot change the EPICenter access
level for this user.
You can, however, change the ExtremeWare account access. The default for the EPICenter user “Admin”
is Administrator. See the information under “Adding or Modifying User Accounts” for details on the
ExtremeWare account access levels.
Adding or Modifying User Accounts
To add users to the EPICenter database, or to modify EPICenter user account access, follow these steps:
1 Login to the ExtremeWare EPICenter as a user with Administrator access.
2 Click Admin in the Navigation Toolbar.
3 Click the User Administration tab at the top of the page to display the User Administration page, if
necessary.
358
EPICenter Software Installation and User Guide
Adding or Modifying User Accounts
4 To add a user, click Add. To change a user’s access or password, select the user name and click
Modify.
The New User window (or Edit User window) appears (Figure 180).
Figure 180: New User and Edit User windows
5 For a new user, type a user name into the Name field.
6 Type a new password into the Password field.
7 Type the password again into the Verify Password field.
8 Select the appropriate EPICenter Account Access level:
• Administrator access allows the user to add, edit and delete user accounts, as well as view status
information and statistics and modify device parameters.
• Manager access allows the user to view status information and statistics and modify device
parameters.
• Monitor access allows the user to view status information and statistics.
• Disabled provides no access privileges (the user will not be able to log in to the EPICenter), but
keeps the user account information in the EPICenter database.
9 Select the appropriate ExtremeWare Account Access level:
• Administrator access allows the user to modify device parameters as well as view status
information and statistics.
• User access allows the user to view device status information and statistics, but cannot modify
any parameters.
• No Access provides no access privileges, but keeps the user account information in the EPICenter
database.
10 Click OK.
The new user information is stored in the EPICenter database.
EPICenter Software Installation and User Guide
359
Administering EPICenter
NOTE
A change to a user account does not take effect until the next time the user logs in.
Deleting Users
To delete a user, follow these steps:
1 Log in to the ExtremeWare EPICenter as a user with Administrator access.
2 At the About ExtremeWare EPICenter window, click Admin in the Navigation Toolbar.
The User Administration page appears.
3 Click the User Administration tab at the top of the page to display the User Administration page, if
necessary.
4 Select the user name you want to delete and click Delete.
NOTE
You cannot delete the user name admin.
A confirmation window appears.
5 Click Yes.
This removes all information about this user account from the EPICenter database.
NOTE
To remove all access privileges for a user without removing the user account from the EPICenter
database, use the Modify User function and change the Account Access to Disabled.
Changing Your Own User Password
If you are a user with Manager or Monitor access, you can change your own password at any time after
you have logged in to the ExtremeWare EPICenter. To do so, follow these steps:
1 Click Admin in the Navigation Toolbar.
The Change Password window appears, as shown in Figure 181.
360
EPICenter Software Installation and User Guide
RADIUS Administration
Figure 181: Change Password window
The window shows your user name, and your EPICenter and RADIUS Account Access levels, but
you cannot change them.
2 Type your new password in the Password field.
3 Type the password again in the Verify Password field.
4 Click Apply.
Your new password is stored in the EPICenter database.
NOTE
The change does not take effect until the next time you log in.
RADIUS Administration
If you have Administrator access, you can enable EPICenter as a RADIUS server or RADIUS client, and
change its port or the RADIUS secret. By default RADIUS authentication is disabled.
Enabling the RADIUS server means that Extreme switches can act as RADIUS clients, authenticating
users against the RADIUS server’s database of users, as administered through the EPICenter. Thus, even
if a user accesses the switch directly through Telnet or a browser, the RADIUS server will provide the
authentication service.
Disabling the RADIUS server means that it will not be available for authenticating users. In this case,
each Extreme switch must maintain its own list of users and access permissions, and users will need to
remember a (possibly different) login and password for every switch.
EPICenter Software Installation and User Guide
361
Administering EPICenter
If you have enabled the EPICenter RADIUS server, authentication activity is logged to the file
radius_log.txt, found in the EPICenter root install directory.
• To change the EPICenter server RADIUS configuration, click the RADIUS tab at the top of the page.
The RADIUS Administration page appears, as shown in Figure 182.
RADIUS Server Configuration
To configure EPICenter as a RADIUS server, follow these steps:
Figure 182: Radius Administration page
1 Click the Enable EPICenter as a RADIUS Server button in the RADIUS Configuration panel at the
top of the page.
This enables the fields in the Server Configuration panel.
2 Enter the RADIUS server’s shared secret in the RADIUS Secret field.
This string is basically a shared key by which the RADIUS server and its clients recognize each other,
and which they use for secure transmission of user passwords.
NOTE
If you change the secret in the RADIUS server, you must also change it in any of the RADIUS
clients (Extreme switches) that use the RADIUS server for user authentication.
362
EPICenter Software Installation and User Guide
Server Properties Administration
3 The default port used for the RADIUS server is 1645. To change the server port, enter the port
number in the RADIUS Port field.
NOTE
If you change the RADIUS server port, you must make sure that the ports used in any RADIUS
clients (Extreme switches that use this RADIUS server for user authentication) match the port you
enter for the server.
4 To disable RADIUS response messages, uncheck the Enable RADIUS Response Messages checkbox.
This prevents the RADIUS server from sending a response message when authentication fails. Check
the box to enable these messages. This is enabled by default.
5 Click Apply to have the configuration changes take effect.
RADIUS Client Configuration
To enable EPICenter as a RADIUS client, do the following:
1 Click the Enable EPICenter as a RADIUS Client button at the top of the page.
This enables the fields in the Client Configuration panel.
2 Fill in the fields (server name or IP address, port, and shared secret) for the primary and secondary
RADIUS servers as appropriate.
It is recommended, but not required, that both a primary and a secondary RADIUS server be
available for authentication.
3 Click Apply to have the configuration changes take effect.
Disabling RADIUS for EPICenter
To disable the use of RADIUS authentication, do the following:
1 Click the Disable RADIUS button at the top of the page.
2 Click Apply to have the configuration changes take effect.
Server Properties Administration
If you have Administrator access, you can modify the values of a number of properties that affect the
function and performance of the EPICenter server.
1 Click the Server Properties tab at the top of the page.
The Server Properties Configuration page appears, as shown in Figure 183.
EPICenter Software Installation and User Guide
363
Administering EPICenter
Figure 183: Server Properties Configuration page, initial properties list
2 Select a set of properties from the drop-down menu field at the top of the central panel. You can
select among five sets of properties:
— Devices
— Scalability
— SNMP
— Topology
— External Connections
— Other
The Server Properties Configuration page displays the properties in that set.
3 Type a new value into the field for the property you want to change, or click a check-box to turn on
or off an option. The specific properties and their meanings are discussed in the following sections.
4 Click the Apply button to cause your changes to take effect.
You can undo your changes in one of two ways:
— Click the Reset button to restore the values that the displayed properties held when you first
entered this page.
— Click the Reset to Defaults button to restore the values to the EPICenter server default values
(the values in effect immediately after installation).
364
EPICenter Software Installation and User Guide
Server Properties Administration
5 For some changes, you will need to restart the EPICenter server for the changes to take effect. A
pop-up dialog will inform you that this is necessary.
Click OK to dismiss the dialog box, and then shut down and restart the EPICenter server.
See Chapter 3 for information on how to shut down and restart the EPICenter server.
Devices Properties
When you select Devices from the drop-down menu field at the top of the properties panel, you can set
the following properties:
• Telnet Login Timeout Period (sec): The length of time, in seconds, after which a CLI/Telnet login
request to a switch should time out. The default is 10 seconds, the range is 1 to 30 seconds.
• Device HTTP Port: The port that the EPICenter server will use to communicate with an Extreme
switch’s web server to run ExtremeWare Vista. Default is port 80.
• Device Telnet Port: The port that the EPICenter server will use to telnet to a switch. Default is port
23.
• Upload/Download Timeout Period (sec): The length of time, in seconds, after which a configuration
upload or download operation should time out. If some devices have a large number of VLANs, the
timeout may need to be increased to allow an upload or download operation to complete
successfully without timing out.
• Syslog Server settings:
— Enable Syslog Server (Port: 514) (checkbox): A check specifies that the EPICenter server can
function as a Syslog receiver to receive Syslog messages. Port 514 is the port used for remote
syslog communication from a switch. Uncheck the checkbox to disable syslog server functionality.
The default is enabled.
NOTE
For Solaris, you must stop the Solaris Syslog server before you can enable EPICenter’s syslog
server. To stop the server in Solaris, enter the command /etc/init.d/syslog stop. In EPICenter,
you can restart the Syslog server by disabling and then re-enabling it.
On the device side, remote logging must be enabled, and the switch must be configured to log to
the EPICenter server. The default on Extreme switches is for logging to be disabled. You must use
the EPICenter Telnet applet or the ExtremeWare CLI to configure your switches. To enable remote
logging, enter the command:
enable syslog
To configure the EPICenter server as a Syslog server, enter the command:
config syslog <EPICenter IP address> <facility>
You must enter the IP address of the EPICenter server, and a facility level, which can be local0
through local7. See the ExtremeWare Software User Guide or the ExtremeWare Software Command
Reference Guide for more information on these commands.
You can also include a severity in the config syslog command, which will filter log messages
before they are sent to the EPICenter Syslog server. The EPICenter Syslog server will in turn filter
the incoming messages based on the severity you set using the Accept SysLog messages with
Min Severity setting described previously.
To configure remote logging on multiple devices, you can run these commands as a macro in the
EPICenter Telnet module.
EPICenter Software Installation and User Guide
365
Administering EPICenter
— Accept SysLog messages with Min Severity: The minimum severity level of messages to be
logged in a switch Syslog file. All messages with Severity equal to or higher than the setting you
select will be logged. For example, if you select 2:Critical, then messages of severity 2 (Critical), 1
(Alert), and 0 (Emergency) will be logged. The default is 6: Information.
• Save Changed Configurations Only (checkbox): A check specifies that device configurations should
be uploaded by the Configuration Manager Archive feature only when the device configuration has
changed (the default). Uncheck the checkbox to specify that switch configurations should always be
uploaded at the scheduled archive time.
• Automatically Save Configuration on Device (checkbox): A check indicates that EPICenter
automatically saves the configuration to a switch whenever configuration changes are made. This is
the default setting. If this checkbox is not checked, you must use the Save command to save changes
to a switch configuration.
• Poll Devices Using Telnet (checkbox): A check enables regular CLI/Telnet polling of ExtremeWare
4.1 devices (the default). Uncheck the checkbox to disable CLI/Telnet polling. This disables ESRP
polling as well as EDP polling.
• Save Switch Password for Vista Login (checkbox): A check specifies that the ExtremeView module
should save the switch password in the EPICenter database for use when logging into a switch using
ExtremeWare Vista. If you disable (uncheck) this property, you will be required to login to each
switch in order to view Configuration and Statistics information in the ExtremeView applet. The
default is enabled (passwords will be saved).
• Use EPICenter Login/Password for Telnet/SSH: A check indicates that the EPICenter login name
and password should be used for establishing user-initiated Telnet or SSH2 sessions with the switch.
Background functions, including trap handling, polling, and scheduled operations continue to use
the Telnet/SSH login and password configured for the switch using the Inventory Manager.
Scalability Properties
Select Scalability from the drop-down menu field at the top of the properties panel to set the EPICenter
server into Scalable mode (or reset it into regular mode) and to modify the number of concurrent
operations the EPICenter server can run.
Manipulating the thread pool size, default thread allocation size, number of SNMP sessions, and the
number of traps and syslog messages EPICenter processes per minute lets you configure the EPICenter
server to provide better performance based on the amount of server resources (number and speed of
processors, amount of memory) available. Changing these values should not normally be necessary
unless you are managing a very large number of devices (more than 1000 devices).
If you are managing more than 1000 devices, it is recommended that you run the EPICenter server on a
system with a 1 GHz or faster processor, and at least 1 GB of physical memory. For such a
configuration, you may also be able to improve the performance of the EPICenter server by changing
the parameters below.
NOTE
Changing the scalability properties on a system without suitable hardware could actually decrease the
performance of the EPICenter server.
To see the effects of the current scalability settings, run the Server State Summary Report in the
Reports applet.
366
EPICenter Software Installation and User Guide
Server Properties Administration
• Thread Pool Size: This specifies the maximum number of threads available. Increasing this number
may improve overall performance. For managing more than 1000 devices, it is recommended that
you increase this to 50. The default is 20.
• Thread Default Alloc Size: This specifies the default number of threads allocated for a process
request. Increasing this size may allow processes to complete more quickly. For managing more than
1000 devices, it is recommended that you increase this to 25. The default is 10.
• Traps per Device in 1/2 Minute: This specifies the maximum number of traps that can be received
from an individual device in 28 seconds. If more than this number of traps are received within a 28
second interval, the excess traps are dropped.
• Total Traps Accepted per Minute: This specifies the maximum total number of traps that EPICenter
can receive from all managed devices in 55 seconds. If more than this number of traps are received
within a 55 second interval, the excess traps are dropped. When managing more than 1000 devices,
increase this to 500. The default is 275, the maximum you can set is 500.
• Syslog Messages per Device in 1/2 Minute: This specifies the maximum number of syslog messages
that can be received from an individual device in 28 seconds. If more than this number of traps are
received within a 28 second interval, the excess messages are ignored.
• Total Syslog Messages Accepted per Minute: This specifies the maximum number of syslog
messages that EPICenter can receive in one minute from all managed devices. If more than this
number of messages are received within a one-minute interval, the excess messages are ignored.
When managing more than 1000 devices, you should increase this to 500. The default is 275, the
maximum you can set is 500.
• Maximum Number of SNMP Sessions: This specifies the maximum number of concurrent SNMP
sessions the server will run. Increasing this number may improve throughput from device polling.
For managing more than 1000 devices, it is recommended that you increase this to 25. The default is
10.
• Maximum number of CLI connections: This specifies the maximum number of simultaneous CLI
connections that EPICenter can manage. The default is 30.
NOTE
You should not change the values for traps and syslog messages accepted unless the EPICenter server
reports dropping lots of traps. Run the Server State Summary Report in the Reports applet to view the
current performance metrics.
SNMP Properties
When you select SNMP from the drop-down menu field at the top of the properties panel, you can set
the following properties:
• Poll Interval: The interval, in minutes, between SNMP polls of a switch to fetch basic device status
information. The default is five minutes. The range is one minute to one hour. You can disable all
SNMP polling by setting this property to zero.
NOTE
This Poll Interval is not the same as the Device Polling Interval you can set through the Inventory
Manager. The Device Polling Interval controls the frequency of polling for detailed device information
such as software version, bootrom version, and so on. The polling interval set in the Administration
applet controls only the basic SNMP status information necessary to ensure SNMP reachability, and
is typically performed relatively frequently.
EPICenter Software Installation and User Guide
367
Administering EPICenter
• Timeout Period: The length of time, in seconds, to wait for an SNMP poll request to complete, in
milliseconds, before timing out. The default is two seconds. The range is one to 10 seconds.
This setting determines the time-out interval only for the first unsuccessful SNMP request; once a
request times out, subsequent requests will time out more slowly, based on an exponential time-out
back-off algorithm, until it reaches the maximum number of retries.
• Number of Retries: The number of SNMP requests that should be attempted before giving up, for a
request that has timed out. The default is one.
• EPICenter Trap Receiver Port: The port on which EPICenter expects to receive traps. Default is port
10550.
• Enable Edge Port Polling (checkbox): A check in this box indicates that edge port polling is enabled.
Edge port polling is a background process the polls all ports identified as edge ports for a variety of
information including FDB information, IP and MAC addresses, port status and port names. Edge
ports are identified automatically and are distinguished from uplink ports based on the number of
MAC addresses detected on the port (a port with five or fewer MAC addresses is considered an
edge port). The default is enabled.
• Poll Edge Ports Fast (checkbox): A check in this box speeds up the request for edge port device
information. Using this option may cause a performance impact. To help mitigate this effect, you can
limit the size of the downloaded FDB table using the Edge Port Maximum Table Size Setting. The
default is not enabled.
• Edge Port Poll Interval (hours): The minimum interval (in hours) between polls of an individual
edge port. The longer the interval, the less performance overhead the EPICenter server will endure
due to edge port polling, but the longer port information will go without being refreshed. The
default is 12 hours. If you set an interval that is shorter than the time it takes to poll all the edge
ports, then the actual interval may be longer than the interval you specify here.
• Edge Port Maximum Table Size Setting: Specifies the maximum size of the FDB table downloaded
by EPICenter. The default value is 1000 entries. The range is between 0 and 100000 entries, where 0
indicates that there is no maximum size. If the number of entries of the edge port FDB table exceeds
the specified maximum, no further entries from the device are downloaded.
Topology Properties
Select Topology from the drop-down menu field at the top of the properties panel to set properties that
affect the collection and display of RMON statistics in the Topology applet.
• Enable Topology RMON Statistics Data Collection (checkbox): A check in this box enables the
collection of RMON statistics in the Topology applet. The default is enabled, which means that
RMON statistics will be collected for all devices that have RMON enabled in the device. To disable
the collection of RMON Statistics, uncheck the checkbox. If this option is disabled, then no RMON
statistics will be displayed on any maps, regardless of the setting of the Display RMON Statistics
• Display RMON Statistics in new Maps by Default (checkbox): The display of RMON statistics on a
map can be enabled or disabled for individual maps through a checkbox option in the Topology
Map Properties window for each map. This server property specifies the default state of the RMON
statistics display checkbox (labeled RMON Statistics) in the Topology Map Properties window.
A check in this box specifies that by default the RMON Statistics option in the Map Properties
window will be enabled. Thus, by default, RMON statistics will be displayed for all maps unless
they are specifically disabled for an individual map. To disable the RMON statistics display for an
individual map, you can uncheck the RMON Statistics option in the Map Properties window for that
map.
This option is disabled by default, meaning that the corresponding option in the Map Properties will
be disabled by default.
368
EPICenter Software Installation and User Guide
Server Properties Administration
NOTE
If Topology RMON statistics data collection is disabled, then this display option will have no effect.
External Connection Properties
When you select External Connection Properties from the drop-down menu field at the top of the
properties panel, you can set the following properties:
• Load Information from http://www.extremenetworks.com (checkbox): A check in this box specifies
that EPICenter can automatically connect to the Extreme Networks website using an external (web)
connection.
The external connection is used by EPICenter to query the Extreme Networks website for the latest
version and patch level of the EPICenter software, and compare the information to the version
currently running. If a newer version is available, it is noted on the basic status page, displayed
when you first launch EPICenter.
• HTTP Proxy Device: The IP address or hostname of an HTTP proxy device used to connect to the
Extreme Networks website if your network uses a firewall. When an HTTP proxy is configured, all
HTTP connections are made through the proxy server rather than directly to Extreme Networks.
• HTTP Proxy Port: The port number for the HTTP Proxy, used to connect to the Extreme Networks
website if your network uses a firewall.
Other Properties
When you select Other from the drop-down menu field at the top of the properties panel, you can set
the following properties:
• DNS Lookup Timeout Period: The time-out period, in seconds, when performing DNS lookup
operations for hosts found through DLCS or when importing (in the Grouping applet) from an NT
Domain Controller. The default is one second.
• Session Timeout Period: The non-activity time-out period, in minutes, after which the user is
required to re-login to the EPICenter server. The default is 30 minutes. You can disable the time-out
by setting the property to -1.
• ServiceWatch URL: The URL for accessing ServiceWatch, to allow it to be launched from the
EPICenter navigation toolbar, and to run in the main EPICenter applet window.
For example, if ServiceWatch is running on a system named “tampico” at port 2000, you would enter
http://tampico:2000 as the ServiceWatch URL. You must then restart the EPICenter server to
activate the ServiceWatch integration.
• IP QoS Rule Precedence: The starting value that the EPICenter server will use for setting precedence
in the Policy Manager applet. This is an integer between 1 and 25,000. The default value is 10,000.
Setting this value lets you ensure that policies created by EPICenter will have higher precedence
than policies created through the ExtremeWare CLI. It is also useful in distinguishing between
policies created through the CLI and those created through the EPICenter Policy Manager applet.
• Client Port: The TCP port number that a client will use to connect to the EPICenter server. The
default is 0, meaning that the server will use any available port. You can use this setting to specify a
fixed port number that the EPICenter server will use. For example, if the EPICenter server is behind
a firewall, you may need to provide a fixed port number to allow clients to connect thought the
firewall.
EPICenter Software Installation and User Guide
369
Administering EPICenter
• Update Type Library on Server: This function updates the EPICenter type library, which is a
repository of information about devices (primarily from Extreme Networks) that are supported by
EPICenter.
• Device Tree UI: A setting that specifies how devices are identified in the Component Tree and in
selected other locations. You can choose to have the component tree show the device name only, the
device name followed by the IP address in parentheses, of the device IP address followed by the
device name in parentheses. The default is device name followed by the device IP address.
• DHCP Temporary Lease: A setting that informs the server how long to wait before querying a
switch for a netlogin or a permanent IP address from an 802.1x client.
• Telnet Screen Width: The number of columns available on the screen for the Telnet application. The
default number of columns is 80. The range is between 40 and 180 columns.
• Device SSH Port: The TCP port number that EPICenter uses to connect with the switch. The default
is port 22.
• SSH2 Command Line: The path to the SSH2 client application. EPICenter supports the Open SSH
client for UNIX and the plink.exe SSH client for Windows.
• Enable SCP2 (checkbox): When selected, devices can use SCP2 for secure file transfers with the
EPICenter server. Because SCP2 file transfers can be time consuming, you can disable this feature
without disabling the use of SSH2 for secure Telnet sessions.
• SCP2 Command Line: The path to the SCP2 client application. EPICenter supports the Open SSH
SFTP client on UNIX and the pscp.exe SCP client on Windows.
NOTE
To configure SSH2 on a device, the device must be running a version of the ExtremeWare software that
supports SSH2. For more information on configuring a device to use SSH2, see the ExtremeWare
Software Users Guide.
Distributed Server Administration
If you have Administrator access, a Distributed Server license, and you have multiple EPICenter servers
installed on your network, you can configure these servers to operate in a distributed server mode.
Distributed Server mode allows multiple EPICenter servers, each managing their own sets of devices, to
be designated as a server group, and to communicate status between the servers in the group. One
server acts as a Server Group Manager, and the other servers act as server group members.
Each server in the server group is updated at regular intervals with a list of other servers, and with
network summary and status information from the other servers in the group. In distributed server
mode, the EPICenter home page contains a status information from the other servers in the group in
addition to the standard Network Summary report.
NOTE
The Distributed Server functionality is a separately-licensed feature of the EPICenter software. If you do
not have a Distributed Server license, only Single Server mode is enabled. You will not be able to select
either of the Server Group settings.
370
EPICenter Software Installation and User Guide
Distributed Server Administration
1 Click the Distributed Server tab at the top of the page.
The Distributed Server Administration page appears, as shown in Figure 184.
Figure 184: Distributed Server Administration page
Initially, the EPICenter server is configured as a single server. In single server mode, the server does not
communicate with any other EPICenter servers. If you have a Distributed Server license, you can
change its configuration to act as a server group member or as the server group master.
Configuring a Server Group Member
To configure your EPICenter server as a server group member:
1 Click the Server Member button in the Server Group Type panel at the top of the page.
This enables the fields in the Server Group Member panel.
2 Enter the host name or IP address of the server that acts as the group manager in the Server Group
Manager field.
3 Enter the port number to be used to communicate with the Server Group Manager. This port should
match the HTTP port configured for the EPICenter server acting as the server group manager. The
default is port 80.
4 Enter the shared secret in the Secret field.
This string is a shared key by which the cooperating EPICenter servers recognize each other, and
which they use for secure transmission of server data. The default shared secret is the string secret.
EPICenter Software Installation and User Guide
371
Administering EPICenter
NOTE
If you change the secret for one EPICenter server, you must also change it for all of the other
servers in the group.
5 Click Apply to have the configuration changes take effect.
Configuring a Server Group Manager
To function as the EPICenter Server Group Manager, the server must have a host name that is
configured through DNS.
To enable this EPICenter server as a server Group Manager, do the following:
1 Click the Server Manager button in the Server Group Type panel at the top of the page.
This enables the fields in the Server Group Manager panel.
2 Enter the shared secret in the Secret field.
This string is a shared key by which the cooperating EPICenter servers recognize each other, and
which they use for secure transmission of server data. The default shared secret is the string secret.
NOTE
If you change the secret in one EPICenter server, you must also change it in all of the other servers
in the group.
3 Enter the polling interval in minutes. This determines the frequency with which the Server Manager
communicates information to the other server members of the EPICenter server group. The default is
10 minutes.
4 Add the other members of the server group to the server list:
a Click Add to open the Add Server dialog box.
b Enter the host name or IP address of the member server in the server field. A server member
does not need to have a DNS-translatable host name.
c
Enter the port used to communicate with the server member. This must match the HTTP port
configured for the member server
d Click OK to add this server to the list, or Cancel to cancel the operation.
Servers added to this list must be configured as server group members with this server as the
Server Group Manager.
5 To delete a member server from the list, select the server and click Delete.
6 Click Apply to have the configuration changes take effect.
372
EPICenter Software Installation and User Guide
17 Dynamic Reports
This chapter describes how to use the EPICenter Reports capability for:
• Viewing predefined Network Summary Reports from the Home EPICenter page
• Viewing predefined EPICenter status reports from the Dynamic Reports
• Creating new reports by writing Tcl scripts
Overview of EPICenter Reports
The EPICenter software provides several sets of HTML-based reports that provide information about
the devices managed by the EPICenter server. There are two types of these reports:
• A Network Summary Report, available on the main EPICenter “Home” page, displayed when you
first log in through the EPICenter client.
• EPICenter Dynamic Reports, available separately from the main EPICenter client, or as an applet
accessed from the client.
The Network Summary Report provides summary statistics about the status of the devices being
managed by the EPICenter server. This report can also be accessed from the Dynamic Reports Main
page.
EPICenter Dynamic Reports are a separate feature from the main EPICenter user interface. If you use a
browser-based client, the reports can be accessed directly from the initial EPICenter Start-up page
without logging in to the Java client interface. The Reports module can also be accessed from the
EPICenter Navigation toolbar.
The EPICenter dynamic reports are HTML pages that do not require Java capability, and thus can be
accessed from browsers that do not have the ability to run the full EPICenter user interface. This means
reports can be loaded quickly, even over a dial-up connection, and it also provides the ability to print
the reports.
EPICenter’s HTML reports are always displayed in a browser window, even if you are running the
stand-alone client. See “Browser Requirements for Reports” on page 49 in Chapter 2 for supported
browsers.
EPICenter Software Installation and User Guide
373
Dynamic Reports
Network Status Summary Report
The Network Status Summary Report provides an at-a-glance summary of the status of the devices the
EPICenter server is monitoring. The main report page, as shown in Figure 185, appears when you first
log into the EPICenter client, and when you click the Home button at the top of the Navigation Toolbar.
The Network Status Summary Report displays information about the overall health of the network. It
also displays information on the current version of EPICenter running on the EPICenter service and
compares the current version to the latest available version.
Figure 185: Network Status Summary Report page
374
EPICenter Software Installation and User Guide
Dynamic Reports
Dynamic Reports
A number of predefined reports present information from the EPICenter software database. The
predefined reports include:
• Network Status Summary Report (described in the previous section)
• Server State Summary Report
• Device Inventory Report
• Slot Inventory Report
• Device Status Report
• VLAN Summary Report
• Voice VLAN Summary Report
• Interface Report
• Unused Ports Report
• Resources to Attribute Map
• User to Host Mapping
• Network Login Report
• Alarm Log Report (not available if the alarm system is disabled)
• Event Log Report
• System Log Report
• Configuration Management Log Report (not available if the configuration manager is disabled)
The following reports are Java-based:
• Interface Report
• Alarm Log Report
• Event Log Report
• System Log Report
• Configuration Management Log Report
The Java-based reports can be sorted, filtered, and paginated, but they cannot be customized. The
Tcl-based reports can be customized, and can serve as models for new reports. You can create your own
reports by writing Tcl scripts that generate HTML code. See “Creating New Reports” on page 389 for
details.
The rest of the reports are generated by Tcl scripts. T
EPICenter Software Installation and User Guide
375
Dynamic Reports
You can access the EPICenter software Dynamic Reporting capability in one of two ways:
• By clicking the Reports button in the EPICenter software Navigation Toolbar
• By launching your Web browser and logging in directly from the EPICenter Start-up page
To log in directly from the EPICenter software Start-up page, follow these steps:
1 Launch your Web browser.
2 Enter the following URL:
http://<host>:<port>/
In the URL, replace <host> with the name of the system where the EPICenter server is running.
Replace <port> with the TCP port number that you assigned to the EPICenter Web Server during
installation.
NOTE
If you used the default web server port, 80, you do not need to include the port number.
The EPICenter Start-up page appears.
3 Click View Reports in the left-hand panel of the Start-up page.
The EPICenter Login page appears.
4 Enter your user name and password, and click Login. Use the same user name and password as you
use to log in to the EPICenter system.
The Dynamic Reports module is displayed. The main page includes a brief description of the
predefined reports that are available.
Viewing Predefined EPICenter Reports
To view a predefined report, click the Reports button in the Navigation Toolbar.
To go to the main EPICenter user interface from the Network Summary Report page, click the “About
EPICenter” link at the bottom of the list. This displays the About EPICenter page.
To exit from EPICenter, click the Logoff button in the Navigation Toolbar. This returns you to the
EPICenter Start-up page.
Report Filtering
Five of the reports provide a filtering capability that lets you select the information that should appear
in the report. This filtering capability lets you construct a two-part conditional statement based on the
values of relevant variables in the EPICenter database.
The following reports provide filtering:
• Interface Report
• Alarm Log
• Event Log
• Sys Log
376
EPICenter Software Installation and User Guide
Viewing Predefined EPICenter Reports
• Config Mgmt Log
These reports provide a set of fields at the top of the report similar to the ones shown in Figure 186.
Figure 186: Report filter specification
To create a filter, follow these steps:
1 In the first field, select the variable to use in the filter. The variables from which you can choose are
based on the column headings in the report, and depend on the type of report you are viewing.
2 In the second field, select a comparison operator. You can choose from the following comparison
operators:
— > (greater than)
— < (less than)
— <= (greater than or equal)
— >= (less than or equal)
— != (not equal)
— = (equal)
— starts with
— ends with
— contains
If the variable values are strings, then the comparisons are taken to indicate alphabetic order, where
greater than indicates later in later in the alphabet (for example, the letter B is greater than A).
3 In the third field, select the value you want to compare the variable against. If the variable takes a
string as its value, enter a string. If the variable is numeric, enter an integer.
NOTE
You can use the browser Copy and Paste functions to copy a specific value from the current report
into the comparison field.
4 In the fourth field, you can indicate whether the second condition should be used. To use a second
condition to your filter, choose one of the logical operators And or Or. Specify And to include a row
in the report only if both conditions are true. Select Or to include the row if either one (or both) of
the conditions are true.
If you do not want to include a second condition, select NIL to indicate that the second clause should be
ignored.
5 Click Filter to generate the report based on the filter you have specified.
Click Remove Filter to remove the filter definition and generate an unfiltered report.
EPICenter Software Installation and User Guide
377
Dynamic Reports
Server State Summary Report
The Server State Summary Report displays statistics about configured servers, SNMP activity, thread
and SNMP session pools, database activity, the ports used by the EPICenter server, and EPICenter
licenses. The report provides the following information.
The first table in the report shows the status of the servers known to EPICenter and whether they are
enabled or disabled, and running or stopped:
• TFTP Server
• Syslog Server
• Radius Server
The second table in the report provides the number of operations that have occurred in the last minute,
the last hour, and the last day (24 hours) for the following operations:
• SNMP Queries—Number of SNMP queries performed by the EPICenter server
• Database Commits—Number of database commits performed by the EPICenter server
• Client Requests—Number of data requests to the EPICenter server performed by all connected
clients
• Trap Requests—Number of trap PDUs received by the EPICenter server
• Syslog Messages—Number of syslog message received by the EPICenter server
The third table in the report shows scalability statistics for the thread pool and the SNMP session pool:
Thread Pool Statistics
• Pool Size—Thread pool size for the threads that are used to perform server operations (for example,
reading data from a device or configuring the devices)
• Default Allocation Size—Number of threads used to perform a single operation (for example,
running a Telent macro across a number of devices)
• Currently In Use—Number of threads currently in use
• Maximum In Use at Once—Maximum number of threads that are in use at one time
• Total # of Requests—Total number of times a thread is requested to perform an operation in the
server
• Total # of Wait For Thread—Total number of times the server has to wait for a thread to become
available
• Percentage Wait per Request—Percentage of total wait versus total request for threads
SNMP Session Pool Statistics
• Pool Size—Maximum number of allowed SNMP access sessions to the devices
• Default Allocation Size—Not applicable
• Currently In Use—Number of SNMP access sessions currently in use
• Maximum In Use at Once—Not applicable
• Total # of Requests—Total number of times an SNMP object is requested to perform an operation in
the server
378
EPICenter Software Installation and User Guide
Viewing Predefined EPICenter Reports
• Total # of Wait For Thread—Total number of times the server has to wait for an SNMP object to
become available
• Percentage Wait per Request—Percentage of total wait versus total number of requests for SNMP
objects
The fourth table in the report shows the ports currently in use by the EPICenter server.
• Web Server—Port currently used by the EPICenter web server.
• Trap Receiver—Port currently used by the EPICenter server to receive traps
• Radius Server—Port currently used by the RADIUS server
• Telnet—Port currently used for Telnet
• Database—Port currently used for EPICenter database communication
• Web Server Admin—Port currently used EPICenter web server administration
The Web Server, Trap Receiver, Radius and Telnet ports can be changed through the Administration
applet, if you have administrator-level access to EPICenter. See Chapter 16 for more information.
If you are running under Windows 2000 or Windows XP, you can use the Port Configuration Utility,
accessible from the Programs menu, to change the database port. See Appendix B for details on the
utility.
The fifth table in the report shows the status of licenses (licensed or not licensed) that are supported by
the EPICenter server:
• EPICenter Server—License for the EPICenter server
• Unlimited Nodes—License to have unlimited nodes
• Distributed Server—License for the Distributed Server
• Policy—License for the EPICenter Policy Manager
• Voice Over IP—License for Voice Over IP (If you have a license for Voice Over IP, you will see this
row in the table.)
Device Inventory Report
To view a Device Inventory Report, click the Device Inventory link in the left-hand panel.
The Device Inventory Report displays basic status and identification information for the device groups
and devices known to EPICenter. The initial display presents summaries at the Device Group and the
device type level.
A drill-down report, called the Device Details report, contains the same information you can view in
the Inventory applet.
Device Group Summary
The Devices by Group table displays the following information:
• Device Group—Name of the device group
• Description—Description of the group as kept in the EPICenter device inventory
• Quantity—Number of devices in the group
EPICenter Software Installation and User Guide
379
Dynamic Reports
Select a Device Group or All Devices to display the Device Summary report for the devices in the
group.
The Device Summary report displays the following information about each device:
• Group—All EPICenter Device groups to which it belongs (this is displayed only if you select All
Devices)
• Name—Name of the device from the sysName variable
• IP Address—IP address of the device
Click the IP address to display a table with detailed configuration and status information. This is the
same information you can view in the Inventory applet.
• Type—Type of device
• Location—Device location from the sysDescr variable
• MAC—MAC address of the device
• Serial Number—Device serial number
• Current Image—Software version currently running on the device, if known
Click the heading of a column to sort on the contents of that column.
Device Type Summary
The Devices by Type table displays the following information:
• Device Type—Type of device
• Quantity—Number of devices of this type known to EPICenter
Select a device type or All Devices to display the Device Summary report.
The Device Summary report displays the following information about each device:
• Device Group—All the EPICenter Device Groups to which it belongs
• Name—Name of the device from the SNMP sysName variable
• IP Address—IP address of the device
Click the IP address to display a table with detailed configuration and status information. This is the
same information you can view in the Inventory applet.
• Type—Type of device (this is displayed only if you select All Devices)
• Location—Device location from the sysDescr variable
• MAC—MAC address of the device
• Serial Number—Device serial number
• Current Image—Software version currently running on the device, if known
Click the heading of a column to sort on the contents of that column.
380
EPICenter Software Installation and User Guide
Viewing Predefined EPICenter Reports
Slot Inventory Report
To view a Slot Inventory Report, click the Slot Inventory link in the left-hand panel.
The Slot Inventory Report displays basic status and identification information for the slots and module
cards known to EPICenter. The initial display presents a summary of module card types and empty
slots. This includes the following information:
• Card Types—Type of module cards and empty slots known to EPICenter
• Quantity—Number of modules of a certain type, all module cards, and the number of empty slots
known to EPICenter
Card Summary Report
Select a Card Type or All Cards to display the Card Summary report for the modules known to
EPICenter.
The Card Summary report displays the following information about each module:
• Device Group—Name of all the device groups
• Device Name—Name of the device from the sysName variable
• Device Address—IP address of the device
• Device Location—Device location from the sysDescr variable
• Card Type—Type of module card (this is displayed only if you select All Cards)
• Slot Name—Number or letter of the slot where the module card is installed
• Card Serial Number—Module card serial number
Click the heading of a column to sort on the contents of that column.
Empty Slots Report
Select Empty Slots to display the Empty Slots summary report for the empty slots known to EPICenter.
The Empty Slots summary report displays the following information about the empty slots:
• Device Group—Name of the device group
• Device Name—Name of the device from the sysName variable
• Device Address—IP address of the device
• Device Location—Device location from the sysDescr variable
• Empty Slots—Number or letter of the empty slot(s) on the device
Click the heading of a column to sort on the contents of that column.
EPICenter Software Installation and User Guide
381
Dynamic Reports
Device Status Report
To view a Device Status Report, click the Device Status link in the left-hand panel. This displays the
device status and failure log for all devices known to EPICenter.
The initial display presents a summary at the Device Group level. This includes the following
information:
• Group—Name of the device group
• Description—Description of the group as kept in the EPICenter device inventory
• Alarms Generated—Total alarms for all devices in the device group
• Devices Up—Number of devices in the group that are up
• Devices Not Responding—Number of devices in the group that are not responding
• Devices Marginal—Number of devices in the group whose operation is marginal.
• Devices Offline—Number of devices in the group that are offline.
Select a Device Group to display the Device Status Report for the devices in the group.
The Device Status report displays the following information:
• Device Group—Name of the device group
• Device Name—Name of the device from the sysName variable
• IP—IP address of the device
• Status—The status of the device. Choices include operational, offline, marginal, and not responding
• Last Failure (Local Time Zone)—Time at which the most recent device failure occurred (based on the
local time zone of the EPICenter server)
• Down Period (d:h:m:s)—Length of time the device was unreachable, reported in
days:hours:minutes:seconds
• Boot Time (Local Time Zone)—Time when the device was last booted (based on the local time zone
of the EPICenter server)
• Alarms in last 24 hours—Number of alarms in the last 24 hours from this device
If the number of alarms is greater than zero, you can click on the number to display a summary of
the alarms that have occurred for this device.
Click the heading of a column to sort on the contents of that column.
VLAN Summary Report
To view a VLAN Summary Report, click the VLAN Summary link in the left-hand panel. This displays
a report of the VLANs known to EPICenter. The information reported includes:
• VLAN Name—Name of the VLAN
• Tag—802.1Q tag, if any
• Protocol—Protocol used to filter packets for this VLAN
• Device List—IP addresses of devices with QoS profiles configured for this VLAN
Select a VLAN to display the VLAN Details report for a VLAN.
382
EPICenter Software Installation and User Guide
Viewing Predefined EPICenter Reports
The VLAN Details report displays the following information:
• Device Name—Name of the device that the VLAN is a member of
• IP Address—IP address of the device that the VLAN is a member of
• VLAN IP—IP address assigned to the VLAN
• Tagged Ports—List of 802.1Q tagged ports
• Untagged Ports—List of untagged ports
• # Tagged Ports—Number of tagged ports
• # Untagged Ports—Number of untagged ports
• #10/100 Ports—Number of 10/100 ports
• # Gig Ports—Number of Gigabit ports
• # Active Ports—Number of active ports
See Chapter 13 for more information on VLANs.
Voice VLAN Summary Report
To view a Voice VLAN Summary report, click the Voice VLAN Summary link in the left-hand panel.
This displays a report of the voice VLANs known to EPICenter. The information reported includes:
• VoIP VLAN Name: Name of the VLAN
• Device List: IP addresses of devices with ports that are members of this VLAN, and the QoS Profile
configured for this VLAN on each device
Click on a VLAN name to display the Voice over IP Details report for the devices in the VLAN.
The Voice over IP Details report displays the following information:
• Device Name: Name of the device
• IP Address: IP address of the device
• VLAN IP: The IP address and subnet mask assigned to the VLAN (if any) on the switch
• Egress Port List: The ports specified as Egress ports for the VoIP VLAN
• Number of Phone Ports: The number of ports that are available for use as IP phone ports
Click the VLAN name to display a detailed report for an individual VLAN.
Interface Report
To view a device interface report, click the Interface Report link in the left-hand panel. This displays a
report on the status of every port known to EPICenter. The information reported for each interface
includes:
• IP Address—IP address of the interface
• Port—Port number of the interface
• Port Name—Port name of the interface
• AdminStatus—Interface administrative status (enabled/disabled)
• OperStatus—Operational status of the interface (ready/active)
EPICenter Software Installation and User Guide
383
Dynamic Reports
• Configured Speed/Type—Nominal (configured) speed of the interface
• Actual Speed/Type—Actual speed of the interface
• Edge/Uplink—Edge or uplink port interface
Since the EPICenter server may be aware of many hundreds of ports, the interface information is
displayed in groups of 25 ports per page. You can navigate among the pages using any of the following
methods:
• Clicking the Previous and Next links
• Selecting a page number from the at the top of the report
• Clicking the First or Last links to display the first or last page in the report
The list of ports is sorted initially by IP address. Click the heading of a column to sort the report based
on the contents of that column. For example, to sort by operational status, click on the OperStatus
heading.
You can filter the ports that are displayed by constructing a conditional filter using the fields at the top
of the page. This lets you construct a two-clause filter statement in the form shown in Figure 187.
Figure 187: Device Ports filter specification
You can filter on any of the variables shown in the report.
Resource to Attribute Mapping Report
The Resource to Attribute Mapping Report displays a list of all the resources that include the specified
attribute. Click the Resource to Attribute Mapping link in the left-hand panel to display the attribute
selection field. Then select an attribute from the pull-down list, as shown in Figure 188.
Figure 188: Attribute specification for Resource to Attribute Mapping report
384
EPICenter Software Installation and User Guide
Viewing Predefined EPICenter Reports
The pull-down list shows a set of system-defined attributes used by the Policy Manager, along with any
attributes you have added to resources through the Grouping Manager.
The system-defined attributes (IP, UDP Any, TCP Any, TCP Permit-Established Any, IP Any, L4 Port,
and IP Address) have static definitions and are used internally by the EPICenter Policy Manager.
User-defined attributes are created within the Grouping Manager, either by adding them to a resource
through the user interface, or by importing them.
For the attribute you select in the pull-down menu, the report displays the following information:
• Resource Type—Type of the resource (such as device, user, host, or group)
• Resource Name—Name of the resource that includes the selected attribute
• Attribute Value—Value of the attribute associated with the resource
Unused Ports Report
The Unused Ports report provide information about inactive ports for a particular device. To get an
unused ports report, select the following:
• Vlan—Select all VLANs or the name of a particular VLAN
• Device Group—Select all groups or the name of a particular device group
• Inactive Days—Enter the number of days of inactivity for the requested port(s)
• Inactive Hours—Enter the number of hours of inactivity for the requested port(s)
When you complete your selections, click Submit.
The report can be saved in csv or xml format, or shown in a single page, and shows the following:
• Device Name—Name of the device on which the port resides
• IP Address—IP Address of the device on which the port resides
• Inactive Ports—Inactive ports on the device
• Groups—Device groups to which this device belongs
• Location—Location of the device
Click the heading of a column to resort the display.
User to Host Mapping Report
The User to Host Mapping Report displays a list of any user and host mappings that are currently
defined, along with the primary IP address of the host. User-host mappings can be created in the
Grouping Manager, and can also be created automatically if the Dynamic Link Context System (DLCS)
is enabled on your Extreme devices. Click the User to Host Mapping link in the left-hand panel to
display the attribute selection field.
The report displays the following information:
• User Name—User name
• Host Name—Name of the host mapped to the user
• Host IP Address—Primary IP address of the host
EPICenter Software Installation and User Guide
385
Dynamic Reports
Network Login Report
The Network Login Report provides information about 802.1x and HTTP login activity. The HTTP
network log is Extreme-specific. The report displays the following information:
• Device Name—Name of the device
• IP Address—IP address of the device
• Network Login Activity—802.1x Network Login activity that has occurred on this device.
Click the heading of a column to resort the display.
Alarm Log Report
To view an Alarm Log Report, click the Alarm Log link in the left-hand panel. This displays a report of
all the entries in the EPICenter Alarm Log. The information reported includes:
• Time—Time the alarm occurred (local time of the EPICenter server)
• Name—Name of the alarm
• Severity—Severity level of the alarm
• Source—IP address of the device that generated the alarm
• Category—Category that the alarm is classified under
• Ack’ed (acknowledged)—Whether the alarm has been acknowledged (1 is acknowledged, 2 is not
acknowledged)
• Event #—Event ID of the alarm (assigned by the EPICenter server when the alarm is received)
• Message—Message associated with the alarm
The alarm information is displayed in groups of 25 alarm events per page. You can navigate among the
pages using any of the following methods:
• Clicking the Previous and Next links.
• Selecting a page number from the at the top of the report.
• Clicking on the First or Last links to display the first or last page in the report.
The report is sorted initially by the Time that the alarm occurred. Click the heading of a column to sort
on the contents of that column.
You can filter the alarms that are displayed by constructing a conditional filter using the fields at the top
of the page. This lets you construct a two-clause filter statement in the form shown in Figure 189.
Figure 189: Alarm Log filter specification
You can filter on any of the variables shown in the report.
For more details on the meaning of these variable, see Chapter 5.
386
EPICenter Software Installation and User Guide
Viewing Predefined EPICenter Reports
Event Log Report
To view an Event Log Report, click the Event Log link in the left-hand panel. This displays a report of
all the entries in the EPICenter Event Log. The information reported includes:
• Event #—Event ID of the event (assigned by the EPICenter server when the event is received)
• Count—Number of consecutive events (if the same trap occurs at the same time and is received
multiple times, only one event is created and the count displays the number of traps)
• Time—Time the event occurred (local time of the EPICenter server)
• Source—IP address of the device and port number (if applicable) that generated the event
• Type—Event type (for example, SNMP Trap)
• Varbinds—Variable data transmitted with a trap
The event information is displayed in groups of 25 events per page. You can navigate among the pages
using any of the following methods:
• Clicking the Previous and Next links
• Selecting a page number from the at the top of the report
• Clicking the First or Last links to display the first or last page in the report
Click the heading of a column to sort on the contents of that column.
You can filter the events that are displayed by constructing a conditional filter using the fields at the top
of the page, as shown in Figure 190. This lets you construct a two-clause filter statement.
Figure 190: Event Log filter specification
You can filter on any of the variables shown in the report.
You can use the browser Copy and Paste functions to copy a specific value from the current report into
the comparison field. This is particularly useful if you want to filter on a specific Varbinds value.
System Log Report
To view a System Log Report, click the Sys Log link in the left-hand panel. This creates a report of all of
the entries in the System Log. The information displayed includes the following:
• Event #—Event ID of the syslog entry (assigned by the EPICenter server when the syslog is received)
• Time—Time the syslog is received by EPICenter (local time of the EPICenter server)
• Source—IP address of the device that generated the syslog entry
• Facility—Syslog facility field
EPICenter Software Installation and User Guide
387
Dynamic Reports
• Severity—Syslog severity field
• Message—Syslog message
The event information is displayed in groups of 25 events per page. You can navigate among the pages
using any of the following methods:
• Clicking the Previous and Next links
• Selecting a page number from the at the top of the report
• Clicking the First or Last links to display the first or last page in the report
Click the heading of a column to sort on the contents of that column.
You can filter the events that are displayed by constructing a conditional filter using the fields at the top
of the page, as shown in . This lets you construct a two-clause filter statement.
Figure 191: System Log filter specification
Configuration Management Log Report
To view a Configuration Management Log Report, click the Config Mgmt Log link in the left-hand
panel. This creates a report of all the entries in the Configuration Management Log. The information
displayed includes the following:
• Time—Time when the activity occurred (local time of the EPICenter server) .
• Device—IP Address of the device.
• Activity—Activity that occurred, such as uploading a configuration file, updating a software image,
and so on. The actual entries will be abbreviated in form similar to “Get Cfg From Device” or “Put
Cfg To Device.”
• Status—Status of the activity (Success or Failed).
• File—Name of the file involved in the upload or download.
• Descr—Description of the problem for a failed activity.
Click the heading of a column to sort on the contents of that column.
You can filter the management activity events that are displayed by constructing a conditional filter
using the fields at the top of the page, as shown in Figure 192. This lets you construct a two-clause filter
statement.
388
EPICenter Software Installation and User Guide
Printing EPICenter Reports
Figure 192: Configuration Management Log filter specification
You can filter on any of the variables in the report.
Printing EPICenter Reports
Unlike the other EPICenter applets, you can print EPICenter reports using your browser’s print
function. To print a report, place the cursor in the pane where the port is displayed, and use the
browser’s Print button, or the Print command from the File menu, to initiate the print.
You can also use the show all link to print all data from a large .html page.
Exporting Reports
Some of the EPICenter reports can be exported to either .csv or .xml format. Exporting reports allows
you to use various software applications to manipulate the data. The following reports can be exported:
• Device Inventory
• Slot Inventory
• Interface Reports
• Unused Ports
• Network Login
• Alarm Log
• Event Log
• Sys Log
• Config Management Activity Log
From the main Reports page, you can generate a report to be used by Extreme Networks eSupport
using by selecting the group and clicking Export.
Creating New Reports
The EPICenter software allows you to customize the existing EPICenter dynamic reports, and to define
new reports. Because the reports use HTML and Tcl, you can incorporate the new or modified reports
into the running EPICenter server without requiring a restart. In addition, the EPICenter software
includes features that aid in debugging user changes.
EPICenter Software Installation and User Guide
389
Dynamic Reports
All the files needed to create or modify reports can be found in the directory
<epicenter_install_dir>/user/reports, where <epicenter_install_dir> is the directory where
the EPICenter software resides (by default c:/Program Files/Extreme Networks/EPICenter 4.1)
in the Windows operating environment, or /opt/extreme/epc4_1 on a Solaris system). There are two
subdirectories under the reports directory:
• The html directory contains the HTML files displayed by the EPICenter server. The HTML files in
the reports directory have the following functions:
— index.html sets up the various frames for the browser display. It references menu.html to define
the menu on the left-hand side, and body.html for the content in the main panel of the window.
— menu.html defines the menu items for the predefined reports, and includes links to the html files
that generate the reports. This is a generated file. You can use this file in a customized report, but
it is not user-modifiable.
— body.html defines the content that appears in the main panel of the window when the Reports
feature is requested, either from the EPICenter software Start-up window, or from the icon on the
Navigation Toolbar. Modify this file if you want to change or add to the list of Reports and their
descriptions.
— color1.html defines the color of the bar at the top of the main content window. This is a
generated file. You can use this file in a customized report, but it is not user-modifiable.
— epistylesheet.css contains the style definitions used in the menu and main body frames.
— reportstylesheet.css contains the style definitions used in the reports themselves. To change
the look of all reports, you can modify this stylesheet.
— The remaining files, such as device_summary.html, and vlan_summary.html, define a number of
the actual reports available from the Reports module.
Note that some of the reports (the Interface Report and the four Log reports) are not
user-modifiable, and are not included in the HTML directory.
• The tcl directory contains the following:
— The Tcl methods available for creating new reports
— The source code for the existing reports
The information presented in the remainder of this chapter assumes you have a reasonably thorough
understanding of both HTML and Tcl scripting.
390
EPICenter Software Installation and User Guide
Creating New Reports
Creating or Modifying a Report
You can modify an EPICenter report HTML file in any HTML editor, such as Microsoft FrontPage.
You can modify the existing HTML files to change the look and feel of the report, your icons, etc. The
vlan_summary.html file is a good example.
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>EPICenter - Vlan Reports</title>
<LINK REL=STYLESHEET HREF="reportstylesheet.css" TYPE="text/css">
</head>
<BODY bgcolor="#ffffff" marginwidth="20" marginheight="0" leftmargin="20" topmargin="0">
<TABLE border="0" cellspacing="0" cellpadding="0" height="120px">
<TR valign="bottom"><TD>
<H2>Vlan Reports</H2>
</TD></TR>
<TR valign="top"><TD>
Information is available about the following vlans in EPICenter:<br>
Report generated on <extr>clock format [clock seconds]</extr></TD></TR>
<TR valign="bottom"><TD><P><img src="images/green.gif" width=650px height=3px></P>
</TD></TR>
</TABLE>
<BR>
<!-- xxxxxxxxxxxxxxxxxxxxxxxxx -->
<p><font size="3"><extr>ShowVlanSummaryList</extr></font></p>
<p><font size="3"></font>&nbsp;</p>
<p><font size="3"></font>&nbsp;</p>
</body>
</html>
The vlan_summary.html file is just like a standard HTML file with one exception: it has a new pair of
tags, <extr> ... </extr> which are specific to the EPICenter report server. The EPICenter report
server treats everything defined between these tags as Tcl code. The report server executes this code
dynamically when it generates the report (upon a user request through the browser).
You can use any standard Tcl constructs between these tags, and you can also use methods defined in
the “extr” package (extr.tcl). extr.tcl defines a set of methods to obtain information from the
EPICenter software database. Appendix D defines a number of database views that contain information
that may be useful in creating reports.
EPICenter Software Installation and User Guide
391
Dynamic Reports
In addition, you can define new methods in any Tcl file in the
<epicenter_install_dir>/user/reports/tcl directory, and use those methods inside the HTML file
within the <extr> and </extr> tags.
A number of reports have been defined for use as examples. Look at the various HTML files to
understand how <extr> tags are used within HTML files.
Look at the methods defined in the file user/reports/tcl/examples.tcl for details on using these
methods to generate the data that will become a part of the generated report. Some utility methods
have been provided in commands.tcl to help parse the result that comes back from the EPICenter
software API.
In general, the Tcl methods defined here will generate well-formatted HTML. Everything between the
<extr> and </extr> tags is replaced by HTML code generated by the embedded Tcl code. Using this
method, you can generate lots of new reports quickly, and without disrupting the EPICenter software
server.
Adding a User-Defined Report to the Reports Menu
To add a new user-defined report to the report menu, simply place the HTML file into the
<epicenter_install_dir>/user/reports/html/userdefined directory. The EPICenter server
automatically creates a link on the Reports menu for files in the userdefined directory. It will use the
report file names as the report names. They will appear below the heading User Defined Reports at the
bottom of the left-hand panel of the Reports page.
The file names must conform to two restrictions:
• They must use .html as the extension. .htm is not supported.
• The file name may not contain spaces.
If you want to create a set of hierarchical reports, you can create a subdirectory under the userdefined
directory to contain subordinate HTML files that should not have a direct link from the Reports menu.
NOTE
If you put files into the userdefined directory that were originally in the
<epicenter_install_dir>/user/reports/html directory, be sure you also copy the report stylesheet
(reportstylesheet.css) into the userdefined directory.
Debugging
The EPICenter software provides a mechanism that you can use to debug any Tcl procedures you write.
Debugging is done in the Tcl shell that is shipped with the EPICenter software. You do not need to view
your reports through a browser to debug them.
To debug Tcl code you have created or modified, follow these steps:
1 Run <epicenter_install_dir>/tcl/bin/tclsh83d.exe to invoke the Tcl shell.
2 Change to the <epicenter_install_dir>/user/reports/tcl directory.
392
EPICenter Software Installation and User Guide
Creating New Reports
3 Execute the command source extrdebug.tcl within the Tcl shell.
This sets up the Tcl packages required, and also establish a connection with the database using the
EPICenter software external API.
4 Now, run the command extr::ExecuteExtrCommand which parses your Tcl code and displays the
resulting HTML file.
ExecuteExtrCommand takes the following arguments:
— The name of the HTML file that will generate the report.
— A string containing the parameter that should that should be available to the HTML file. The
values for the parameters can be obtained in the various Tcl methods using
extr::GetSessionParam
You must ensure that the appropriate environment variables are set to allow access to Tcl. These should
be set as follows:
For Windows 2000 and Windows XP, set variables as follows:
TCL-LIBRARY=<epicenter_install_dir>/tcl/lib/tcl8.3
PATH=$PATH:<epicenter_install_dir>/tcl/bin
For Solaris, set the LD_LIBRARY_PATH variable as follows:
LD_LIBRARY_PATH=<epicenter_install_dir>/tcl/lib/tcl8.3
EPICenter Software Installation and User Guide
393
Dynamic Reports
Useful Methods for Debugging
The GetfromDB, ExecuteExtrCommand and GetSessionParam methods are defined as follows:
#####################################################################
# extr::GetFromDB
#
Used to make any SQL query to the database through the
#
Epicenter server. The result is a SQL result table,
#
formatted within HTML tags.
#
# Arguments
#
A string representing an SQL query.
# An optional callback function that is executed for each row of data
# Returns
#
The result table of an SQL query embedded in HTML tags.
#
#####################################################################
#####################################################################
# extr::ExecuteExtrCommand
#
This is the public method typically used during debugging.
#
When a user wants to run an HTML file through the reporting
#
engine, to generate dynamic html, s/he calls this method.
#
Users will need to use this method only during debugging.
#
# Arguments
#
filePath
This is the fully specified path of where to
#
find the HTML file that has embedded <extr> tags.
#
params
A string containing params and their values that
#
should be available to the procedures in the HTML files.
#
The parameters are specified as in HTML. i.e. the param
#
is a string of type "param1=value1&param2=value2"
#
# Returns
#
The result of executing the command. Typically this is parsed HTML.
#
#####################################################################
#####################################################################
# extr::getSessionParam
#
Used in reports to get the value of a specific parameter
#
that was passed into the reporting system.
#
This method, along with GetFromDB form the two most
#
commonly used routines by users of the reporting system.
#
The params passed into ExecuteExtrCommand are available
#
through this method.
#
# Arguments
#
param
A param name. This should be one of the params
#
that was passed into ExecuteExtrCommand.
# Returns
#
The value of the parameter. Returns "" if param was not defined.
#
#####################################################################
394
EPICenter Software Installation and User Guide
18 Voice over IP Manager
This document describes how to use the optional EPICenter Voice over IP Manager applet for:
• Configuring VLANs for use with IP phone sets
• Configuring QoS profile and priority settings for VoIP VLANs
• Computing the minimum and maximum bandwidth settings for the QoS profile used with a VoIP
VLAN
Overview of Voice Over IP Management
The Voice over IP Manager module enables you to configure quality of service parameters for VLANs
that are used for Voice over IP traffic. You can identify the VLANs that contain IP phone ports, specify
which ports in the VLAN are the egress ports for VoIP traffic, and configure the priority and bandwidth
parameters for those VLANs.
The VoIP applet computes the minimum bandwidth required for acceptable VoIP performance based on
the number of VoIP phone ports in combination with the compression rates used in the IP phones for
coding/decoding voice traffic. The VoIP applet can then configure the appropriate QoS settings on the
switches on which the VoIP VLANs reside.
The EPICenter VoIP module is a separately-licensed component of the EPICenter product family. When
a VoIP applet license is installed on the EPICenter server, the VoIP icon appears in the Navigation
Toolbar at the left of your browser window.
If no icon is present, it indicates that no current license can be found for the VoIP module. See the
EPICenter Software Installation and User Guide or the EPICenter Release Note and Quick Start Guide for
information on obtaining and installing a license.
Viewing VoIP VLAN Settings
To view the VLANs configured for Voice over IP, click the Voice over IP button in the EPICenter
Navigation Toolbar. The main Voice over IP window appears, as shown in Figure 193.
EPICenter Software Installation and User Guide
395
Voice over IP Manager
NOTE
If you have not yet selected any VLANs for Voice over IP, the Voice VLANs page will be empty. See
“Selecting VLANs for VoIP” on page 397 for instructions on selecting VLANs for VoIP traffic.
Figure 193: Voice over IP main page showing VoIP VLANs
The Voice over IP window initially displays the Voice VLANs page. Only VLANs selected for Voice
over IP are shown in this table. A message at the bottom of the window indicates how many VLANs
have been configured for Voice over IP.
If you have selected VLANs to carry VoIP traffic, this page shows a summary of the configuration,
switch by switch, of every VLAN that has been selected.
For each switch and VLAN, this table shows the following information:
• VLAN: The name of the VLAN. This may appear in the list multiple times if the VLAN is
configured on more than one switch.
• IP Address: The IP address assigned to the VLAN on the switch. This may be blank if the VLAN
does not have an IP address assigned (as is the case with the Default VLAN).
• Switch: The name of the switch.
• QoS Profile: The QoS profile assigned to this VLAN on this switch.
• Priority: The priority associated with the QoS profile.
• Min Bw: The minimum bandwidth for this QoS profile.
• Max Bw: The maximum bandwidth for this QoS profile.
396
EPICenter Software Installation and User Guide
Selecting VLANs for VoIP
When the root node is selected in the component tree (Voice over IP VLANs) the display shows all VoIP
VLANs and their included devices. If you select an individual VLAN in the Component Tree, the
display shows only the devices that include the selected VLAN.
The Select button at the top of this window lets you select VLANs for Voice over IP.
The QoS Settings tab lets you view VoIP VLAN QoS settings, change the configuration, and
automatically calculate the minimum bandwidth required.
Selecting VLANs for VoIP
The VoIP Manager module assumes that you have already created the VLAN(s) for your VoIP phone
ports. A VoIP VLAN should include both the edge switches that contain the actual IP phone ports, and
any core switches that lie between the edge and the Call Manager or PBX. You can use the EPICenter
VLAN Manager module to create a VLAN for your voice over IP network, if you have not already done
so. A VLAN that will be used with VoIP traffic should use protocol IP or Any, and may be tagged or
untagged.
If you add a new device to an existing VoIP VLAN (for example, to expand the number of IP phones)
the new device will not be configured automatically as a VoIP VLAN. You will need to select the VLAN
on the new device, and then configure the VoIP settings on that device.
1 To select the VLANs to configure for Voice over IP, click the Voice over IP button in the EPICenter
Navigation Toolbar. The main Voice over IP window appears, as shown in Figure 194.
Figure 194: Voice over IP applet, main page
EPICenter Software Installation and User Guide
397
Voice over IP Manager
When you run the VoIP applet for the first time, and have not yet selected any VLANs for VoIP, the
table shown on this page will be empty.
2 Click the Select button at the top of the VoIP window. This displays the Select Voice over IP VLANs
window, as shown in Figure 195.
Figure 195: Select Voice over IP window
In this window you can select individual VLANs, and enable or disable VoIP for that VLAN.
The Select Voice over IP VLANs table shows information about each switch in the selected VLAN:
• Enabled: A green check indicates that this switch is selected as part of the VoIP VLAN. A red X
indicates that this device has not been selected (or has been deselected). As a rule, all devices in
the VLAN will be enabled or disabled for VoIP, and switches cannot be enabled or disabled
individual. However, if a device is added to the VLAN after the VLAN has been enabled, that
switch will not be enabled until you re-enable the entire VLAN.
• IP Address: The IP address assigned to the VLAN on the switch. This may be blank if the VLAN
does not have an IP address assigned (as is the case with the Default VLAN).
• Switch: The name of the switch.
• QoS Profile: The QoS profile assigned to this VLAN on this switch.
• Priority: The priority associated with the QoS profile.
• Min Bw: The minimum bandwidth for this QoS profile.
• Max Bw: The maximum bandwidth for this QoS profile.
The VoIP Manager applet assumes that you have already set up the VLANs you will be using for
your VoIP traffic.
3 To display a VLAN, pull down the list of VLANs from the All VLANs field at the top of the
window, and select a VLAN, as shown in Figure 196.
398
EPICenter Software Installation and User Guide
Selecting VLANs for VoIP
Figure 196: Select Voice over IP window with Disabled VLAN
NOTE
Although the device-created VLANs (Default, Mgmt and MacVlanDiscover) can be selected as VoIP
VLANs, it is not recommended that you use these for voice traffic. Configuring the QoS profiles
could conflict with other uses of those VLANs.
4 To enable VoIP on a VLAN, click the Enable VoIP button. This will select this VLAN as a VoIP-enabled
VLAN, and will save this setting in the EPICenter database.
To disable VoIP on a VLAN, click the Disable VoIP button. This will remove this VLAN as a
VoIP-enabled VLAN, and will save this setting in the EPICenter database.
NOTE
Any devices added to the VLAN after the VLAN has been configured for VoIP are not automatically
configured for VoIP. You must return to the VoIP applet and configure the new device.
5 Click Close to close the window.
NOTE
When you disable a VLAN, the VoIP settings for the devices in the VLAN remain in the EPICenter
database. Therefore, if you re-enable the VLAN at a later time, the same settings (such as egress ports
and QoS profile settings) will still apply. The VoIP VLAN settings for a device will be deleted from the
database only when the device is removed from the EPICenter inventory, or if the VLAN itself is
deleted.
Only VoIP-enabled VLANs appear in the list of VoIP VLANs in the main VoIP window.
EPICenter Software Installation and User Guide
399
Voice over IP Manager
QoS Settings for a VoIP VLAN
For each Voice over IP VLAN, you can specify the compressions algorithm and QoS profile settings that
should be used for the VLAN. In addition, you can indicate which of the ports within the VLAN are the
egress ports for the VoIP traffic.
To manipulate the settings for a VoIP VLAN, do the following:
1 Select the QoS Settings tab in the main VoIP window.
2 Select one of the VoIP VLANs from the Component Tree at the left hand side of the window.
The QoS Settings for the selected VLAN are displayed, as shown in Figure 197.
Figure 197: QoS Settings page for a VoIP VLAN
The top portion of the QoS Settings page shows the current QoS settings for each switch in the VLAN.
If you configure new settings using the Configure VoIP QoS Parameters dialog, the settings shown in
this part of the display may change to reflect the new settings.
The bottom portion of the QoS Settings page shows the default configuration attributes (compression
algorithm, priority and QoS profile) for the selected VLAN. It also displays all the ports that are
members of the VLAN, including the ports you have selected as egress ports. You can use these lists to
indicate which ports in the VLAN are the egress ports.
400
EPICenter Software Installation and User Guide
QoS Settings for a VoIP VLAN
Default Configuration Attributes
The default configuration settings are used in the calculation of the minimum bandwidth for the VLAN,
and can also be used to configure all switches in the VLAN automatically. As an alternative, you can
you specify settings for individual switches in the VLAN and configure the devices individually. The
default configuration settings are saved in the EPICenter database; individual switch settings are not.
The Default Configuration Attributes display shows the following information:
• Max # of Phones: This shows the number of ports that are available for use as IP phone ports. This
number is calculated as the total number of ports in the VLAN minus the number used as egress
ports.
• Compression Algorithm: This specifies the speech encoding/decoding algorithm that is being used
by the IP phone sets you have connected to this VLAN. You can select from the following
algorithms:
— G.729: encodes speech at 8 Kbps
— G.711: encodes speech at 64 Kbps (uncompressed). This is the default.
— G.723.1: encodes speech at 6.4 Kbps
— Other: If you select this, you must set a compression rate in the Configure VoIP Parameters
dialog.
Select the setting that matches the configuration of your IP phones. The setting you select does not
actually affect the compression algorithm used, since this is done in the IP phone itself, but is used to
compute the minimum bandwidth for the QoS profile settings for this VLAN.
You can modify this setting for individual switches using the manual QoS configuration process. You
may need to do this if you have several types of IP phones that use different compression
algorithms. If the setting you select does not match the algorithm actually used to encode speech by
your phone, the computed QoS bandwidth settings may not be accurate.
NOTE
VoIP configuration attributes are set on a switch-by-switch basis, meaning that all IP phones
connected to an individual switch are assumed to use the same compression algorithm. Settings
cannot currently be configured for individual ports.
• Priority: This specifies the priority of the VoIP traffic on this VLAN. You can select any of the eight
priority settings (from low to highHi). The default is highHi. Typically the priority for VoIP traffic
should be high relative to other traffic. Again, you can also set this parameter individually for
switches in the VLAN using the manual QoS configuration process.
If you specify an unsupported priority for a non-i-series device, the EPICenter VoIP server will
automatically map the unsupported priority to a supported priority when it does the QoS
configuration on the device. This process maps priority lowHi to low, normalHi to normal,
mediumHi to medium, and highHi to high.
• Profile: This specifies the QoS profile that will be used by default for this VLAN on each switch in
the VLAN. The default is QP8. Note that non-i-series switches (Summit switches running
ExtremeWare 4.x) only support four QoS profiles (QP1 through QP4) so for a non-i-series switch, you
must change the profile using the manual configuration process.
NOTE
Each of these setting (except for maximum number of phones) can be modified for individual
switches in this VLAN on a switch-by-switch basis. You can do this using the manual QoS
configuration process.
EPICenter Software Installation and User Guide
401
Voice over IP Manager
• Egress Port Selection: The QoS Settings page also displays every port in the VLAN in one of the two
lists in the Egress Port Selection portion of the window. You use these lists to designate the ports that
should be used as the egress port on each device in the VLAN. Egress ports are used to route VoIP
traffic from the IP phone ports (ingress ports) to the Call Manager or PBX, either directly or via
trunk ports between other switches in the VLAN. You should designate at least one port on each
switch in the VLAN as an egress port in order for VoIP to function over the VLAN. You can
designate as many egress ports as you need.
To designate egress ports, do the following:
— Select one or more ports in the Ports in VLAN list, and click the Add button
to move
them to the Selected Egress Ports in VLAN list. You can select multiple ports by holding down
the CTRL or Shift keys while you make your selections.
— To remove ports from the Selected Egress Ports in
VLAN list, select the ports and click the Remove button
You can remove all ports from the Selected Egress
Ports in VLAN list by clicking the Remove All button
.
.
NOTE
If some of the ports in your port list are not physically present in the device (a GBIC has been
removed, for example) and those ports are not set to auto-negotiate, the port speed will be shown
as zero in the port list. If you select such a port as an egress port, this will result in the minimum
bandwidth being calculated as zero for the VLAN. If the port speed is set to auto, the calculation will
assume a port speed of 100 Mbps and will work correctly.
Minimum Bandwidth Calculations
The VoIP Manager module computes the minimum bandwidth setting for the QoS profile used for the
VoIP VLAN to ensure acceptable VoIP performance. It first computes the total bandwidth needed based
on the number of VoIP phone ports in combination with the compression rate used in the IP phones for
coding/decoding voice traffic. It then determines the minimum bandwidth as the percentage of the
egress port bandwidth that is required to support all the IP phone ports simultaneously. The minimum
bandwidth setting will never be less than 1% of the egress port’s total available bandwidth. However,
there may be situations where the bandwidth calculation algorithm either overestimates or
underestimates the minimum bandwidth requirements.
If the egress port speed is set to Auto, the bandwidth calculation assumes 100 Mbps as the configured
port speed. If the port’s actual speed is 1000 Mbps, the calculation may overestimate the percentage of
bandwidth required for VoIP traffic. If there are multiple egress ports running at different speeds, the
VoIP applet calculates the percentage based on the lowest port speed among the egress ports. For best
results, it is recommended that you turn auto-negotiation off and explicitly configure the speed of your
egress ports.
The VoIP Manager module calculates the minimum bandwidth requirements separately for each switch
in the VLAN. The bandwidth calculation algorithm assumes there is a one-to-one correspondence
between the number of IP phones and the number ingress ports included in the VoIP VLAN, and that
all ingress ports in the VLAN (those not designated as egress ports) are IP phone ports. However, if the
VoIP VLAN topology includes upstream switches, the ingress port may actually be a trunk port
carrying aggregated VoIP traffic. In this case, the bandwidth calculation algorithm may underestimate
the minimum bandwidth needed for the ingress port on the upstream switch.
For example, Figure 198 shows a topological representation of devices in a VoIP network. In this
illustration, IP phones are connected to 10/100Mbps ports on switch A. The VoIP VLAN also includes a
402
EPICenter Software Installation and User Guide
QoS Settings for a VoIP VLAN
gigabit port (port 50) designated as the egress port on switch A, and two gigabit ports on upstream
switch B, with port 30 designated as an egress port. This port could be connected to a Call Manager, a
PBX, or another internetworking device. Port 29 on the upstream switch is the ingress port for the VoIP
VLAN on that switch.
Figure 198: VoIP topology example
Egress
port 30
29
Switch B
(upstream switch)
30
31
32
Ingress
port 29
Egress
port 50
49
49R
50
50R
Switch A
IP phone ports
XM_031
The VoIP Manager module calculates the minimum bandwidth for each switch based on the number of
IP phone ports in the VLAN on that switch, the compression rate, and the speed of the egress port. For
switch A, the number of ingress ports does correspond to the number of IP phone connections.
However, for the upstream switch (B), the VoIP Manager module assumes that the one ingress port
(port 29) is a single IP phone port when it is actually a trunk port.
If the egress port (port 30) on the upstream switch B is configured as 1000 Mbps port (as is the case in
the example) the minimum bandwidth setting will probably be acceptable in most cases, because the
VoIP Manager module will never assign less than 1% of the bandwidth (10 Mbps for a 1000 Mbps port)
as the minimum. However, if switch A were a chassis switch that has several hundred phones
connected, the bandwidth calculation could determine that the minimum bandwidth setting for the
egress port should be 2-3%. But, based on the assumption that there is only one ingress IP phone port
(port 29) on switch B, the bandwidth calculation would determine that a 1% minimum is sufficient for
the egress port 30.
The information in Table 11 is provided to help you ensure that the minimum bandwidth setting in the
QoS profile for your VoIP VLAN is sufficient on any upstream switches.
EPICenter Software Installation and User Guide
403
Voice over IP Manager
Table 11: Minimum Bandwidth Requirements and Calculations for VoIP VLAN
Compression
algorithm
Number of
phones
(one per port)
Total calculated
bandwidth
Min bandwidth
needed for egress
ports
Max number
of phones
supported
G.711, rate=64 Kbps
0~100
0~7 Mbps
10 Mbps (Min=1%)
156
G.711, rate=64Kbps
100~200
7~13 Mbps
20 Mbps(Min=2%)
312
G.711, rate=64Kbps
200~300
13~20 Mbps
20 Mbps(Min=2%)
312
G.711, rate=64Kbps
300~400
20~26 Mbps
30 Mbps(Min=3%)
468
G.729, rate=8.0Kbps
0~100
0~1 Mbps
10 Mbps(Min=1%)
1250
G.729, rate=8.0Kbps
100~200
1~2 Mbps
10 Mbps(Min=1%)
1250
G.729, rate=8.0Kbps
200~300
2~3 Mbps
10 Mbps(Min=1%)
1250
G.729, rate=8.0Kbps
300~400
3~4 Mbps
10 Mbps(Min=1%)
1250
G.723.1, rate=6.4Kbps
0~100
0~1 Mbps
10 Mbps(Min=1%)
1562
G.723.1, rate=6.4Kbps
100~200
1~2 Mbps
10 Mbps(Min=1%)
1562
G.723.1, rate=6.4Kbps
200~300
2 Mbps
10 Mbps(Min=1%)
1562
G.723.1, rate=6.4Kbps
300~400
2~3 Mbps
10 Mbps(Min=1%)
1562
• The first two columns of Table 11 show various combinations of the compression algorithms and
number of IP phone ports.
• The third column shows the total bandwidth requirement calculated based on the compression rate
and number of ports as shown in the first two columns.
• The fourth column (Min bandwidth needed for egress ports) shows the corresponding minimum
bandwidth that should be configured for a gigabit egress port such as the egress port on the
upstream switch.
• The last column shows the actual maximum number of simultaneous calls that can be supported by
the minimum bandwidth.
Find the minimum bandwidth setting in the table that corresponds to your VoIP setup (number of
phones and compressions algorithm. Then, make sure the minimum bandwidth setting for the VLAN
on your upstream switch(es) meets this requirement. You can change the bandwidth settings for an
individual switch using the Configure VoIP QoS Parameters dialog. See “Configuring QoS Settings” on
page 404 for more information.
Note that the bandwidth calculation algorithm always assumes there is a one-to-one correspondence
between the number of IP phones and the number of ingress ports included in the VoIP VLAN. Another
situation that may result in an incorrect bandwidth calculation is where multiple IP phone are
connected via a hub to a single ingress port on a switch. In this configuration the VoIP Manager will
underestimate the number of IP phone connections, and will therefore underestimate the required
minimum bandwidth. In this case, you can also use the information in Table 11 to help you determine
the correct minimum bandwidth in the QoS profile for the VoIP VLAN on the switch.
Configuring QoS Settings
Changing the default configuration attributes does not actually configure any settings on the switches.
The information is provided to simplify the configuration task for the user and to recommend minimum
404
EPICenter Software Installation and User Guide
Configuring QoS Settings
bandwidth settings for the QoS profiles on the component switches. You can configure the
recommended QoS settings on your switches in one of two ways:
• The Auto Configure QoS button calculates the recommended settings based on your default
selections, and configures them on all switches in the selected VLAN.
• The Manually Configure QoS... button displays a dialog where you can modify the settings for
individual switches, and then configure only selected devices.
To configure the default QoS settings on all switches in the VLAN, do the following:
1 On the QoS Settings page, select the default settings for the VLAN.
2 Click the Auto Configure QoS button at the bottom of the page.
The VoIP applet calculates the recommended bandwidth settings, and sends the configuration to each
switch in the VLAN.
To configure one or more individual switches with a particular setting that differs from the default
settings, do the following:
1 From the QoS Setting page, click the Manually Configure QoS... button at the bottom of the page.
This displays the Configure VoIP QoS Parameters dialog, as shown in Figure 199.
Figure 199: Configure VoIP QoS Configuration Parameters dialog
Initially, the left hand side of this dialog displays a list of the switches in the selected VLAN, and the
default configuration attributes you specified on the QoS Settings page. You can configure the
switches with the default settings, or modify the settings for one or more individual switches. For
example, if your organization uses several types of VoIP phones with different compression
algorithms, you may need to set different algorithms and QoS profile settings for the switches to
which these phones are connected.
NOTE
VoIP Configuration attributes can only be set on a switch-by-switch basis, meaning that all IP phones
connected to an individual switch are assumed to use the same compression algorithm. Settings
cannot currently be configured for individual ports.
When you move a switch to the Calculated Settings list, the VoIP applet calculates the minimum
bandwidth required to support the VoIP traffic. It makes the calculation based on the compression
algorithm and compression rate, the number of ingress ports in the VLAN, and the speed of the
EPICenter Software Installation and User Guide
405
Voice over IP Manager
ports. Depending on your VoIP network topology and device configuration, there may be situations
where the minimum bandwidth is either overestimated or underestimated. See “Minimum
Bandwidth Calculations” on page 402” for more details. If this occurs, you can edit the bandwidth
parameters as part of this configuration process.
The VoIP applet also sets the QoS profile and priority in the Calculated Settings list based on the
settings you select in the fields in the Select Switches area of the window.
To configure one or more switches with settings that differs from the default settings, do the
following:
2 Make your changes to the QoS settings:
a Select the QoS profile that should be used (QP1 through QP8).
b Select the priority (low to highHi).
c
Select the compression algorithm.
d Type in a compression rate to be used as a parameter in the calculation of minimum bandwidth.
The default is the rate normally used by the compression algorithm. If you have selected “Other”
as the compression algorithm, the default is set to zero. This value is used only in the calculation
of minimum bandwidth, and does not affect the actual compression rate used by the phone. As a
rule, you should set the compression rate to be the same as the rate actually used by the
compression algorithm for the phone.
3 Select one or more switches that should be configured using these QoS settings, and click the Add
button
to move them to the Calculated Settings list.
Click the Add All button
to move the entire list of switches to the Calculated Settings list.
4 You can edit the minimum and maximum bandwidth setting values once an entry has been placed
in the Calculated Settings list. Select the cell containing the bandwidth percentage you want to
change, type in a new percentage, and click outside the cell for the change to be recognized.
There are a number of reasons why you might want to change the minimum or maximum
bandwidth settings:
— To reduce the minimum bandwidth percentage when the IP phone ports are set to Auto but
actually run at 1000 Mbps
— To increase the minimum bandwidth percentage when a ingress port is actually a trunk port
carrying aggregated VoIP traffic from an edge switch
— To limit the maximum bandwidth (the default maximum is 100%)
See “Minimum Bandwidth Calculations” on page 402 for more details on the bandwidth calculation
issues.
5 You can repeat steps one and two for other switches in the Select Device(s) list.
6 To change the profile, priority, algorithm or compression rate for an entry in the Calculated Settings
list, you must remove the switch from the list, change the settings, and add it again.
Remove switches from the Calculated Settings list by
selecting the switches and clicking the Remove button
You can remove all switches from the Calculated
Settings list by clicking the Remove All button
.
.
7 Click the Apply button to initiate configuration of the QoS parameters on the switches.
406
EPICenter Software Installation and User Guide
VoIP Reports
VoIP Reports
A Voice VLAN Summary report and a Voice over IP Details report are available from the EPICenter
Dynamic Reports Main page. The summary report provides a list of the VLANs that have been selected
as Voice over IP VLANs, along with the switches that are included in those VLANs. The Voice over IP
Details report displays information about each device in the VLAN.
You can access the EPICenter software Dynamic Reporting capability in one of two ways:
• By clicking the Reports icon in the EPICenter software Navigation Toolbar
• By logging in directly from the EPICenter Start-up page
Voice VLAN Summary Report
To view a Voice VLAN Summary report, click the Voice VLAN Summary link in the left-hand panel.
This displays a report of the voice VLANs known to EPICenter. The information reported includes:
• VoIP VLAN Name: Name of the VLAN
• Device List: IP addresses of devices with ports that are members of this VLAN, and the QoS Profile
configured for this VLAN on each device
Click on a VLAN name to display the Voice over IP Details report for the devices in the VLAN.
The Voice over IP Details report displays the following information:
• Device Name: Name of the device
• IP Address: IP address of the device
• VLAN IP: The IP address and subnet mask assigned to the VLAN (if any) on the switch
• Egress Port List: The ports specified as Egress ports for the VoIP VLAN
• Number of Phone Ports: The number of ports that are available for use as IP phone ports
Known Behaviors and Problems
This section describes known problems with this release, including recommendations for workarounds
when available. It also describes application behaviors that may not be intuitive.
No “hourglass” cursor displayed during some lengthy operations
In some cases, no hourglass cursor is displayed during lengthy operations. This includes selecting VLANs
for VoIP, and during device configuration operations. (13888)
Egress port tables are not updated after port configuration changes
For some versions of ExtremeWare, the EPICenter database does not get updated when changes are made
to the port speed and auto-negotiation parameters. This is the case for ExtremeWare 4.1.19(3), 6.1.8(13), and
6.1.9.(11). The database is correctly updated for devices running ExtremeWare 4.1.17(6) or 6.2.0(60).
(1-61CBE)
EPICenter Software Installation and User Guide
407
Voice over IP Manager
Refreshing the browser before a display update has completed may cause an exception
When you enable or disable a VoIP VLAN that has multiple devices, or when you configure VoIP Qos
settings on such a VLAN, it can take a long time (more than 30 seconds) to update the database and refresh
the display. In the browser-based client, if you attempt to do a browser refresh before this process has
finished, you may get an error exception. If this occurs, you will need to restart your browser. (1-7D7X1,
1-7D7XE, 1-7RTSM)
Saving VoIP configuration after VLAN changed outside VoIP applet results in incorrect
VoIP configuration display
If changes are made to a VoIP VLAN by another user (e.g. another EPICenter client or through the
ExtremeWare CLI) while you are configuring the VLAN through the VoIP applet, the EPICenter client
will be notified that something has changed, and will prompt you to save your configuration changes.
Before you save your changes you should ensure that the changes made to the VLAN do not conflict
with your configuration, or the configuration displayed through the VoIP applet may be inconsistent.
For example, if you place a port in the egress port list, and someone simultaneously removes that port
from the VLAN, if you save your configuration with that port still designated as an egress port, your
VoIP configuration will continue to show the removed port. Resyncing the switch through the Inventory
applet will update the VoIP configuration to correctly display only the existing ports. (1-7UFYI)
Egress port tables not updated when port configuration changes
If the EPICenter server is farther down in the queue on the switch, the VoIP applet may not receive the
trap that notifies it when the port configuration is changed, and the VoIP configuration will not be
updated. (PD2-65243630)
The MinQBuf value incorrect after VoIP configuration in ExtremeWare 6.1.7 b9
On a switch running 6.1.7 b9, after you configure Qos settings for a VoIP VLAN, the value shown for
the MinQBuf parameter, as displayed by the ExtremeWare show qosprofile command, is incorrect. It
will be displayed as a very large percentage where it should be zero. (1-5MKFT)
408
EPICenter Software Installation and User Guide
19 Using the Policy Manager
This chapter describes how to use the EPICenter Policy Manager for:
• Creating, modifying, and deleting network Quality of Service (QoS), access list, and Access-based
policies
• Configuring QoS profile settings on network devices
• Configuring network devices with the defined network policies
Using the Policy Manager
The Policy Manager provides a high-level interface for specifying QoS and access list rules for Extreme
Networks devices, and IP policies for Cisco devices. It is strongly recommended that you become
familiar with the concepts presented in Chapter 1 of this manual before you begin to create policies
through EPICenter on your network devices.
The Policy Manager is closely tied to the EPICenter Grouping applet, which is used to define the
network resources that can be used as endpoints or in the scope for a policy definition. Resources must
be set up through the Grouping applet prior to using them in a policy definition. You should be familiar
with the Grouping applet before you begin to define policies through the Policy Manager.
In addition, you must have Administrator or Manager access to create, modify, and configure policies
within the Policy Manager. If you have Monitor-level access only, you cannot use these functions.
To invoke the Policy Manager, click the Policy button in the Navigation Toolbar. The Policy Manager
main window is displayed (see Figure 200).
The Policy Manager is organized into two functional areas.
• Policies View, where you can create, view, and modify EPICenter policy definitions for Extreme
Networks devices. The organizing principle within the Policies View is the policy definition.
• The ACL Viewer, where you can view the access list and QoS rules generated by the Policy Manager
for the devices in your network. You cannot modify EPICenter policy definitions from within this
view. However, you can modify QoS configuration settings for Cisco devices. The organizing
principle within the ACL Viewer is the network device.
From either the Policies View or ACL Viewer, you can modify QoS profiles, change policy precedence,
and configure the currently-enabled policies on one or more devices.
EPICenter Software Installation and User Guide
409
Using the Policy Manager
When the Policy Manager applet first appears, the Policies View is selected, showing a summary of the
policies currently defined within the EPICenter Policy Manager. You can view the details of an
individual policy by selecting the policy in the component tree, or by double-clicking a policy entry in
the policy list in the main window of the applet.
From the Policies View you can create and modify access list and QoS rules. See “Policies View” on
page 411 for details on defining policies.
The buttons at the top of the page provide the following functions:
• New
lets you create new policy definitions. This button is available only in the Policies View.
• Save
lets you add a new policy definition to the database, or replace a modified policy. This
button is available only in the Policies View.
• Delete
removes the selected policy definition from the database. This button is available only in
the Policies View.
• Reset
abandons all modifications you have made to a policy definition, and restores the last
saved definition for the selected policy to the fields displayed in the Policy description page. This
button is available only in the Policies View.
• Auto is a toggled-state button that indicates whether auto-configuration is enabled or disabled.
When auto-configuration is enabled
any access list or QoS changes made within the Policy
Manager, any changes made within the Grouping Manager or Inventory Manager that affect the
endpoints or scoping of a policy, or any changes on a device that affect access list or QoS settings on
the device, will cause an immediate reconfiguration of all enabled policies on the network devices.
Access-based Security policies will be automatically configured only if the Auto-configuration mode
is activated.
When auto-configuration is disabled
device policy configuration occurs only when specifically
invoked using one the configure buttons (Config or Config All). See “Configuring QoS Policies” on
page 433 for important information on using the Auto-configuration feature. If you are using
Access-based Security policies and auto-configuration is disabled, these policies have to be
configured each time a user logs in over the network.
• Order
• Cfg All
lets you change the precedence of your policies relative to one another.
computes rules for your policies and configures them on all affected devices.
• Config
computes the set of access list and QoS rules that affect the devices you select, and
configures them on those devices. You can select an individual device or a group, and all policies
that have those devices in their scope will be configured. This button is available only in the ACL
Viewer.
• Profile
• Help
lets you modify the settings of the QoS profiles for a device or device port.
displays online help pages for the Policy Manager.
• Status
shows the status of a configuration operations due to automatic or directed
configuration.
410
EPICenter Software Installation and User Guide
Policies View
Each function is described in more detail in later sections of this chapter.
Policies View
The Policies View lets you create, view, and modify the policies managed by the EPICenter Policy
Manager. The Policies View organizes information by policy—information related to devices is
presented relative to the currently-selected policy.
To view the policies currently defined within the EPICenter Policy System, click the Policies radio
button just above the component tree. This displays a summary of the policies currently known to the
Policy Manager (see Figure 200).
Figure 200: Policy View in the Policy Manager
The component tree on the left shows the policies defined through the Policy Manager. The main applet
frame shows the definition and function of the selected elements.
• ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the
column header will sort the policies in precedence order.
• Name is the name of the policy.
• Type indicates the type of policy (Access-based security, IP, source physical port, or VLAN).
• Enabled indicates whether the policy is enabled. A green check ( ) indicates that the policy is
enabled. A red X ( ) indicates that the policy is not enabled. A policy that is not enabled will not be
configured on any devices, either automatically or when you start a configuration manually.
• Direction indicates whether rules are generated by this policy for traffic in one direction only, or are
generated for traffic in both directions.
EPICenter Software Installation and User Guide
411
Using the Policy Manager
— For Access-based Security policies, “network resources to users” indicates traffic going from the
endpoints specified in Network Resources side of the Policy Traffic area of the Policy Description
page, to the endpoints specified in the Users area. “Users to network resources” indicates traffic
flowing from user endpoint(s) to the network resource endpoint(s). “Bidirectional” indicates that
access list rules are generated for traffic in both directions. The default for these policies is the
“users to network resources direction”. The default choice gives a lower total number of ACLs
since bi-directional requires twice the number of rules as uni-directional.
— For IP policies, “server to client” indicates traffic going from the endpoints specified in Server
side of the Policy Traffic area of the Policy Description page, to the endpoints specified in the
Client area. “Client to server” indicates traffic flowing from client endpoint(s) to the server
endpoint(s). “Bidirectional” indicates that access list rules are generated for traffic in both
directions.
— For Source Port policies, the direction will always be “from source port.”
— For VLAN policies, the direction will always be “from VLAN.”
• Description displays the description, if any, that was entered when the policy was defined.
By default, the policy list is sorted by policy type. To sort based on the contents of a different column,
click the column header. Clicking a second time reverses the sorting sequence.
To view the specifications for an individual policy, you can do one of the following:
• Select the policy name in the component tree.
• Double-click anywhere within the policy entry in the policy list display.
This displays the Policy description page for the selected policy.
Policy Definition Page
The Policy Definition page displays the high-level definition of the selected policy, in terms of the
network elements (users, hosts, and L4 ports as appropriate) that define the traffic flow, and the devices
on which the policy is implemented.
Figure 201 shows the Policy Definition page for an Access-based Security policy.
412
EPICenter Software Installation and User Guide
Policies View
Figure 201: Policy definition page for an Access-based Security policy
The policy name and optional description are displayed at the top of the page.
The Policy Traffic section, shows the elements that define the traffic flow:
• The Policy Type radio buttons determine the type of rules that will be generated from the policy
description, and thus affect how the policy endpoints are specified.
• The rest of this area shows the network resources that define the traffic flow for the policy.
— In the Access-based Security policy example shown in Figure 201, the policy traffic specification
includes two lists of resources that define the “network resources” or left-side endpoints for the
policy, and the “users” or right-side endpoints. These resources are defined in the EPICenter
Inventory or Grouping applets, and may include hosts, custom applications, users, devices, and
ports, or groups of any of those resources.
For example, the resource shown in the Network Resources list in Figure 201 is a single host. The
resource in the Users list is a User group. If you have Administrator or Manager access, you can
use the Edit button to access the resources list and view the definition of the resource groups. You
can also view their definitions through the Grouping applet. For the Network Resources side, the
resources are mapped to specific IP addresses and ports, but for the Users side, the IP addresses
are determined dynamically at network login.
If you are entering a new IP policy, the left-side endpoints will be “servers” and the right-side
endpoints will be “clients.” For the purpose of generating access list rules, those resources are
mapped to specific IP addresses and ports for use as source and destination endpoints. These lists
may also show IP addresses that have been entered directly.
— The traffic specification for an Access-based Security policy includes a flow direction (network
resources to user, user to network resources, or bidirectional). This is used by the EPICenter
policy server to determine the source and destination for each traffic flow. In the example, the
traffic is unidirectional, from user to network resource, which is the default for Security policies.
EPICenter Software Installation and User Guide
413
Using the Policy Manager
This means that access list rules will be generated with the hosts listed on the network resources
side as the destinations, and users on the user side as the sources. (See “Policy Traffic Page” on
page 414 for an explanation of the traffic flows that this example generates.)
— The traffic specification for an Access-based Security policy also includes the specification of a
“network resource” on the network resource side, that can be used to define a protocol and an L4
port or port range, or a named application (which translates to a protocol and specific L4
port).You can define an L4 port for the userside as well, if needed.
— For an IP policy, the Policy Traffic section is similar to that for Access-based Security policies with
the substitution of “Servers” and “Clients”, for “Network resources” and “Users” respectively. IP
policies default to bi-directional.
— For a Source Port or VLAN policy, the Policy Traffic section is much simpler, showing you either
the network resources that define the source physical ports or the VLANs that are used to define
the traffic flow for the policy. Flow direction is not a factor in Source Port or VLAN QoS Policy
specifications.
See “Creating a New Policy” on page 416 for detailed information on specifying the endpoints for
defining policy traffic.
The Policy Access Domain (Scope for IP policies) section displays the network devices on which the
policy rules should be implemented. The devices can be specified individually, or as groups whose
member devices or device ports will be included in the domain. The policy domain also specifies the
QoS profiles that are implemented on each device for the specified traffic flows.
The Policy Access Domain (Scope for IP policies) display includes:
• The resources (devices or groups that contain devices) on which the policy should be implemented
• The type of the resource (Device or Group)
• The QoS profile that will be used for the device or devices specified by this resource
• An optional comment entered when the QoS profile is selected for the resource
The resources are displayed in order of precedence. Because the domain/scope can include groups as
well as individual device resources, it is possible that a device could be included more than once in the
domain/scope (as a member of multiple groups, for example) and the QoS profile setting of each of
those occurrences could conflict. Therefore, the order of the list determines the precedence in case of
QoS profile conflicts—the first occurrence of a device in the list determines the QoS profile that will be
used on that device.
See “Creating a New Policy” on page 416 for detailed information on specifying scope resources for a
policy.
Policy Traffic Page
The Policy Traffic page shows the actual traffic patterns derived from the Policy Traffic specification as
defined on the Policy Description page. Access-based Security policy traffic will not show on this page
unless the user endpoint is specified as a fixed IP address. Otherwise, the traffic will only show when
the user is actively logged in over the network. The diagram below shows an example for an IP policy.
For an Access-based Security policy, this page may be blank except when the user is logged into the
network. In the case where a user is assigned a specific IP address however, the page will look the same
as it does for an IP policy.
Figure 202 show the traffic patterns generated for the IP policy from Figure 201.
414
EPICenter Software Installation and User Guide
Policies View
Figure 202: Policy Traffic page
In Figure 201, the Policy Traffic specification consists of two Host groups as end points, (each containing
two hosts), a unidirectional traffic flow (server to client), and the service specification “UDP Any.” This
resulted in the four traffic flows shown in Figure 202.
• Protocol indicates the protocol specified for the traffic (TCP in the example).
• Dest IP is the destination IP address, derived from one of the host specifications.
• Dest Port is the L4 port associated with the destination IP address, if a port has been specified. An
asterisk indicates the specification “Any.”
• Src IP is the source IP address, derived from one of the host specifications.
• Src Port is the L4 port associated with the source IP address, if a port has been specified. An asterisk
indicates the specification “Any.”
EPICenter Software Installation and User Guide
415
Using the Policy Manager
Creating a New Policy
To create a network policy, follow these steps:
1 Select New
Figure 203.
from the toolbar. This displays a new Policy Definition page, as shown in
Figure 203: Policy description page for a new Access-based Security policy
Flow
direction (IP
and Security
policies only)
Policy
traffic
endpoint
selection
Service
filter
specification
(IP and
Security)
Policy
access
domain
selection
2 Enter a name for the policy (required) and a description of the policy (optional).
3 If you do not want this policy to be configured onto any devices, click the Enabled check box once
to remove the check mark and indicate that this policy should not be enabled. The presence of a
check in the box indicates that the policy will be enabled, which is the default state.
4 Select a schedule for this policy, if desired. Default is 24 hours a day, 7 days a week. You can check
desired days, set start time on the 24 hour clock, and set time periods from 0 to 168 hours. Scheduled
times are allowed to overlap (see Figure 204).
416
EPICenter Software Installation and User Guide
Creating a New Policy
Figure 204: Example of a schedul
e
5 Select the type of policy you want to create. The type of policy you choose will determine the type of
information you need to provide.
The policy type acts as a sort of template, requiring definition only of the components relevant to the
particular policy type.
Select the appropriate Policy Type as follows:
— select Type to generate access list rules for implementation on the devices in the policy scope.
— Select Security to specify the components of a policy for traffic between resources and
dynamically obtained user endpoints. A policy of this type will generate access list rules for
implementation of the devices in the access domain. These rules are generated whenever an
authorized user logs on and will be deleted when that user logs off.
— Select IP to specify the components of a policy for traffic between endpoints, such as a server and
specific clients or a particular service and server.
— Select VLAN to specify the components (VLANs) of a policy for traffic originating from the
member ports of one or more VLANs. A policy of this type will generate VLAN QoS rules for
implementation on the devices in the policy scope.
— Select Source Port to specify the components of a policy for traffic originating from specific
ingress ports. A policy of this type generates source physical port QoS rules for implementation
on the devices in the policy scope.
6 Specify the endpoints that will define the traffic flows to which this policy will apply.
For a Security policy: You must specify two sets of endpoints for a Security policy, which are
classified as network resources and users. The resources you select are typically hosts or users, but
do not need to be in a conventional “client-server” relationship. They simply represent the endpoints
(source and destination, translated to an IP address and port) of the traffic flow. You can specify
individual endpoints, or groups that contain the endpoints. The user end of the specification does
not need to have a specific IP address assigned to it, although it may.
You must also specify the traffic direction to which the policy should apply. The default for an
Access-based Security policy is user to resource.
For an IP policy: You must specify two sets of endpoints for an IP policy, which are classified as
servers and clients. The resources you select are typically hosts or users, but do not need to be in a
conventional “client-server” relationship. They simply represent the endpoints (source and
destination, translated to an IP address and port) of the traffic flow. You can specify individual
endpoints, or groups that contain the endpoints. You can also specify a subnet address or the “Any”
wildcard as an endpoint.
EPICenter Software Installation and User Guide
417
Using the Policy Manager
You must also specify the traffic direction to which the policy should apply. The default direction for
an IP policy is bidirectional.
For a Source Port policy: You must specify one or more devices and physical ports as source
endpoints. You can specify them individually or as groups that contain ports.
For a VLAN policy: You must specify the VLANs to which the policy should apply. You can specify
VLANs individually or as groups that contain VLAN members.
NOTE
You should not include the Management (Mgmt) or MacVlanDiscover VLANs as policy endpoints.
These VLANs cannot have policies associated with them.
7 To select one or more endpoints for any of the policy types, click the Edit... button that appears
either to the right or below the list of endpoint resources.
For a Security policy: Two Edit buttons are provided, one to the right of the Network Resources list,
and one to the right of the Users resource list, as shown in Figure 203
For an IP policy: Two Edit buttons are provided, one to the right of the Servers resource list, and
one to the right of the Clients resource list, similar to that shown in Figure 203.
For a VLAN or Source Port policy: The Edit button appears at the bottom of the Policy Traffic area,
below the Resource list.
a Click the appropriate Edit... button to display the Edit Policy Endpoints window, as shown in
Figure 205 and Figure 206. For a more detailed explanation of this window, see “Edit Policy
Endpoints Window” on page 423.
Figure 205: Edit Policy Endpoints window for the resources of Security policy
418
EPICenter Software Installation and User Guide
Creating a New Policy
Figure 206: Edit Policy Endpoints window for the Users side of an Access-based Security policy
The left panels of this window, Select Endpoints to be Added, displays the component tree
showing the resources currently defined in the Grouping applet. You can specify endpoints using
any of the available high-level resources: users, hosts, devices, VLANs, or groups of these
resources. The types you select will depend on the type of policy you are creating.
When you select a group in the component tree, its children (groups or individual resources) are
displayed in the associated Resource list (the right half of the Select Endpoints to be Added
area). Individual resources are displayed only if they are of types that can be used as endpoints
for the policy type you have selected.
The area on the right of the window Current Policy Endpoints, shows the resources that are
already selected as endpoints.
• Use the Add button to add selected resources to the Current Policy Endpoints list.
• Use the Add All button to add all the children of the group you have selected in the
component tree.
• Use the Remove button to remove selected resources from the Current Policy Endpoints list.
• Use the Remove All button to remove all resources from the Current Policy Endpoints list.
For an IP policy and for the Network Resources side of an Access-based Security policy: There
are two additional ways to create endpoints:
• Select Add IP Addr to specify an IP address directly. (This button will not appear if you are
creating VLAN or Source Port endpoints.) A small pop-up window appears, in which you can
enter an IP address and subnet mask into the fields provided. A subnet mask of 32 indicates a
host.
• Select Add Wildcard to add the endpoint specification “Any” to the Current Policy Endpoints
list. This indicates that any IP address will be accepted as a match for this policy endpoint.
(This button does not appear if you are creating VLAN or Source Port endpoints.)
b Click OK to close the Edit window and display the contents of the Current Policy Endpoints list
in the appropriate resource list in the Policy Traffic area.
c
Cancel closes the Edit window and abandons any changes you’ve made to the Current Policy
Endpoints list.
8 For a VLAN or Source Port policy: Your next step is to define the Policy Scope. Skip to Step 11 on
page 421 for instructions on specifying a scope for your policy.
EPICenter Software Installation and User Guide
419
Using the Policy Manager
9 Traffic direction for a Security or an IP policy: You must indicate whether this policy should affect
traffic flowing only in one direction between the endpoints, or whether it should affect traffic in both
directions. The directional selection buttons do not appear if you are creating VLAN or Source Port
endpoints.
Click the appropriate button to indicate the traffic flow directions to which this policy should be
applied (for IP policies, substitute server for network resource and substitute client for user):
• The top button (- - >) indicates that this policy should apply only to traffic flowing from the
network resource (left-side) endpoints to the user (right-side) endpoints. The network resource
endpoints will be considered the source, and the user endpoints will be considered the
destination in the access list rules created from this policy.
• The middle button (< - -) indicates that this policy should apply only to traffic flowing from the
user (right-side) endpoints to the network resource (left-side) endpoints. The user endpoints will
be considered the source, and the network resource endpoints will be considered the destination
in the access list rules created from this policy.
• The bottom button (< - - >) indicates that this policy should apply to all traffic flowing between
the user (right-side) endpoints and the network resource (left-side) endpoints, in either direction.
10 Server service and L4 ports for a Security or an IP policy: You may indicate a protocol service and
L4 (layer 4) ports that should be used as a filter when looking for traffic that matches the access list
criteria. You can specify this information by selecting a protocol and entering the L4 port numbers,
or you can select a predefined service or application that the policy server can translate to a protocol
and one or more L4 ports or you can use a group of the Custom Applications type. When using the
latter, you can group different types of ports as well as non-contiguous groups of ports.
The default is “IP Any” which specifies layer 3 traffic.
Specification of L4 ports for the client endpoints is optional.
These fields do not appear if you are creating VLAN or Source Port policies.
Figure 207 shows the portion of the Policy Definition window where you can make these selections.
This illustration shows the minimum specification if you select a service that translates to a port (or
set of ports) known to the EPICenter policy server.
Figure 207: Service and port selection area for a Security or an IP policy—basic specification
a To specify a service, select one from the drop-down list provided, as shown in Figure 208.
420
EPICenter Software Installation and User Guide
Creating a New Policy
Figure 208: Service selection for an IP policy
From this list you can select from the standard TCP, UDP, IP services, from Custom Applications,
or from specific named services (applications) that are known to the EPICenter policy server. In
the list shown in Figure 208, Baan is an example of such a service, and has been preconfigured
with a protocol and L4 port. If you select an application, the policy server will determine the L4
port from its pre-configured value in the EPICenter database.
The settings “Deny TCP SYN packets” and “Deny TCP SYN packets Any” are the same as the
ExtremeWare settings called “TCP permit established.” These settings specify that all new TCP
connections (as indicated by the presence of a Sync request) from the client endpoints to the
server will be denied (existing TCP sessions will continue). When you select either of the “Deny
TCP SYN packet” settings, the traffic direction is automatically set from client to server.
NOTE
When you select either of the Deny TCP SYN packets services, the QoS profiles for all devices in
your policy scope are automatically set to “blackhole” to accomplish the denial of new TCP traffic.
b To specify an L4 port or port range, enter a port number in the L4 Port Range field. Enter a single
port number, or a port range in the form <first_port>-<last_port>.
The L4 Port Range field appears only if you select a service that requires a port specification.
These selections are:
• Specify TCP port range
• Specify UDP port range
• Deny TCP SYN packets
The other selections either indicate any port (TCP Any, UDP Any, IP Any, Deny any TCP SYN
packets) or translate directly to an L4 port.
c
If you want to specify an L4 port for the client or user endpoints, click the Specify client L4 port
or the Specify user L4 port check box to display the client service selection fields. The drop-down
list of services is limited to the ability to specify TCP or UDP Any, or a TCP or UDP port range.
11 The last step is to define the access domain for a Security policy or scope for an IP policy—the
devices on which the access list rules should be implemented, along with the QoS profile that should
be associated with these rules.
EPICenter Software Installation and User Guide
421
Using the Policy Manager
Figure 209: Policy Access Domain display
The Policy Access Domain (Scope for IP policies) display includes:
• Each resource (device, or group that contains devices or ports) included in the scope
• The type of each resource (Device or Group)
• The QoS profile that will apply to the resource — to the individual device or to all the devices in
the group if the resource is a Group
• An optional comment you can enter when you select the QoS profile for the resource
The order in which the resources are displayed in the Policy Access Domain or Scope Resource list
determines their precedence. Precedence is significant when an individual device appears more than
once in the list (as a member of multiple groups, for example) and the QoS profile setting of each of
those occurrences is in conflict.
a To add a resource to the list (or to modify the list) click the Edit... button. The Edit Policy Access
Domain/Policy Scope Window is displayed, as shown in Figure 210.
Figure 210: Edit Policy Access Domain window
This window is similar to the Edit Policy Endpoints window described previously.
422
EPICenter Software Installation and User Guide
Edit Policy Endpoints Window
The left side of this window Select Policy Access Domain Devices to be Added, displays a
component tree showing the resources currently defined in the Grouping applet.
When you select a group in the component tree, its children (groups or individual devices) are
displayed in the associated Resource list (the right half of the Select Policy Access Domain Devices
to be Added area). You can select groups or devices as access domain resources. If you select a
group that does not contain any devices as children, the group is added as an access domain
resource, but will not actually have any effect on the policy access domain.
The area on the right of the window (Current Policy Access Domain Devices) shows the resources
you have already selected to include in the access domain for your policy.
• Use the Add button to add selected resources to the Current Policy Access Domain Devices list.
• Use the Add All button to add all the children of the group you have selected in the component
tree.
• Use the Remove button to remove selected resources from the Current Policy Access Domain
Devices list.
• Use the Remove All button to remove all resources from the Current Policy Access Domain
Devices list.
• You can select the Security QoS Profile that should be configured on the device for this policy by
selecting a resource in the Current Policy Access Domain Devices list, and then selecting a
profile from the drop-down list associated with that resource.
• Click OK to close the Edit window and display the contents of the Current Policy Endpoints list
in the appropriate resource list in the Access List (Policy Traffic for IP policies) area.
• Cancel closes the Edit window and abandons any changes you’ve made to the Current Policy
Endpoints list.
b Use the Up and Down buttons to change the precedence of the entries in the list.
• Select an entry and click the Up button to move it up in the list (giving it higher precedence).
• Select an entry and click the Down button to move it down in the list (giving it lower
precedence).
12 To save your new policy definition, click the Save
button.
If you attempt to leave the policy definition page without saving your new policy definition, a small
Confirm Save Policy Changes pop-up appears, asking if you want to save the changes (your new
policy).
• Click the Yes button to save the policy.
• Click No to abandon the policy
• Click Cancel to return to the Policy Definition page of the policy you were creating.
NOTE
If auto-configuration is enabled, this policy will be configured immediately on the network. This could
cause network problems if policy precedence relationships are not set correctly.
Edit Policy Endpoints Window
The Edit Policy Endpoints window, as shown in Figure 211, looks basically the same regardless of the
type of policy you are creating. The exception is the Add IP Addr and Add Any buttons that appear
only for a Security or an IP Policy endpoint. Note that these extra buttons only appear for the Network
EPICenter Software Installation and User Guide
423
Using the Policy Manager
Resources (left-hand) side for Security policies. If you are creating a VLAN or Source Physical Port
policy, these two buttons will not be present.
Figure 211: Edit Policy Endpoints window for a Security policy
The left side of this window (see Figure 211) Select Endpoints to be Added, displays the component
tree showing the resources currently defined in the Grouping applet. You can specify endpoints using
any of the available high-level resources: Users, hosts, custom applications, devices, VLANs, or groups
of these resources. The types you can select will depend on the type of policy you are creating.
The area on the right of the window (see Figure 211) Current Policy Endpoints, shows the resources
that are already selected as endpoints.
When you select a group in the component tree, its children (groups or individual resources) are
displayed in the associated Resource list (the right half of the Select Endpoints to be Added area).
Individual resources are displayed only if they are of types that can be used as endpoints for the policy
type you have selected. For example, if you are creating a VLAN policy, the Select Endpoints to be
Added list will only display groups and VLAN resources.
• Select one or more individual resources or groups from the Resources list, and click the Add button
to add them to the Current Policy Endpoints list.
• Click the Add All button
in the component tree.
to add all the resource children of the group you have selected
• To remove resources from the Current Policy Endpoints
list, select one or more resources and click the Remove button
• To remove all resources from the Current
Policy Endpoints list, click the Remove All button
424
.
.
EPICenter Software Installation and User Guide
Edit Policy Access Domain/Policy Scope Window
For an IP or Security policy: There are two additional ways to create endpoints for an IP or Security
policy:
• Select Add IP Addr
to specify an IP address directly. (This button will not appear if you
are creating User-side Security, VLAN or Source Port endpoints.) A small pop-up window appears,
as shown in Figure 212.
Figure 212: Add an IP address as an endpoint for an IP policy
a Enter an IP address and subnet mask into the fields provided.
The subnet mask is used to set parts of the IP address to zero. A subnet mask of 32 indicates a
host (all 32 bits of the address are used). A subnet mask of 24 is typically used to indicate a
subnet address, and sets the last (right-most) address component (the least significant eight bits)
to zero, leaving the other 24 bits as is. You can enter any number of bits as the subnet mask.
b Click OK to add it to the Current Policy Endpoints list.
• Select Add Wildcard
to add the endpoint specification “Any” to the Current Policy
Endpoints list. This indicates that any IP address will be accepted as a match for this policy
endpoint. (This button does not appear if you are creating User-side Security, VLAN or Source Port
endpoints.)
NOTE
You cannot have both the wildcard endpoint specification and individual endpoint specifications in
the Current Policy Endpoints list, as individual endpoints are redundant with the “Any” specification. If
you specify Add Wildcard when there are other endpoints in the list, the Policy Manager will display
a warning, and will remove the other endpoints if you elect to continue.
Further, if you attempt to add an individual endpoint specification when the Current Policy Endpoint
specification is “Any,” the Policy Manager will display a warning, and remove the wildcard
specification if you elect to continue.
• When you have finished adding resources to the Current Policy Endpoints list, click the OK button
at the bottom of the window. This closes the Edit window and displays the contents of the Current
Policy Endpoints list in the appropriate resource list in the Policy Traffic area.
Click Cancel to close the Edit window and abandon any changes you’ve made to the Current Policy
Endpoints list.
Edit Policy Access Domain/Policy Scope Window
The Edit Policy Access Domain (shown in Figure 210) and Edit Policy Scope windows (shown in
Figure 213), are very similar to the Edit Policy Endpoints Window.
EPICenter Software Installation and User Guide
425
Using the Policy Manager
Figure 213: Edit Policy Scope window
The left side of this window Select Policy Access Domain Devices to be Added, or Select Policy Scope
Devices to be Added displays a component tree showing the resources currently defined in the
Grouping applet.
When you select a group in the component tree, its children (groups or individual devices) are
displayed in the associated Resource list (the right half of the Select Policy Access Domain Devices to
be Added or Select Policy Scope Devices to be Added area). You can select groups or devices as scope
resources. If you select a group that does not contain any devices as children, the group is added as an
access domain resource, but will not actually have any effect on the policy access domain.
The area on the right of the window Current Policy Access Domain Devices, shows the resources you
have already selected to include in the access domain for your policy.
1 Add or remove resources from the Current Policy Access Domain Devices list:
• Select one or more individual resources or groups from the Devices list, and click the Add button
to add them to the Current Access Domain Devices list.
• Click the Add All
button to add all the resource children of the group you have
selected in the component tree.
• To remove selected resources from the Current Domain
Devices list, select the resources and click the Remove button
• To remove all resources from the Current Policy
Domain Devices list, click the Remove All button
.
.
2 In addition to selecting resources, you can select the QoS Profile that should be configured on the
device for this policy.
a Select a resource in the Current Policy Access Domain Devices list.
426
EPICenter Software Installation and User Guide
Modifying Policies
b Click the entry in the QoS Profile column for the selected resource, or in the QoS Profile field
below the list. In either case, a drop-down list of the available QoS profiles is displayed, from
which you can select the profile you want to associate with this policy.
c
To enter a comment about this resource, enter it in the Comment field below the resource list.
NOTE
For devices running older versions of ExtremeWare (prior to 6.x) only four QoS profiles (QP1-QP4)
are supported. If you select a profile that is not supported on the device you are configuring, your
selection will be ignored.
3 When you have finished adding resources to the Current Policy Access Domain Resources list, click
the OK button at the bottom of the window. This closes the Edit window and displays the contents
of the Current Policy Scope Resources list in the appropriate resource list in the Policy Traffic area.
Click Cancel to close the Edit window and abandon any changes you have made to the Current
Policy Scope Resources list.
Modifying Policies
To modify a network policy, you follow the same steps you use to create a policy, but you start with the
settings of the current policy. You can change any of the policy settings, including the policy name and
policy type.
To modify a policy, follow these steps:
1 Click the Policies radio button just above the component tree to display a summary of the policies
currently known to the Policy Manager.
2 Select the policy you want to modify either in the component tree or from the list of policies. This
displays the Policy Description page for the selected policy, as shown in Figure 214.
EPICenter Software Installation and User Guide
427
Using the Policy Manager
Figure 214: Policy Definition page for an existing source port policy
3 To change the policy name, type the new name in the Name field.
4 To enable or disable the policy, click the Enabled checkbox to add or remove the check mark. The
presence of the check indicates that the policy is in the enabled state.
5 To enter or change the description for this policy, just type the new text into the Description field.
6 To change the policy type, click the appropriate Policy Type selector.
NOTE
If you change the policy type, the contents of the Policy Traffic fields will change. The current entries
in the traffic resource list(s) are removed, although they will still appear in the Current Policy
Endpoints list in the Edit Policy Endpoints window. However, if they are not valid endpoint types for
the new policy type, they will not be added to the endpoint resource lists, and you will need to select
new endpoints for your policy.
7 To modify the list of endpoints for any of the policy types, click the Edit... button that appears either
to the right or below the list of endpoint resources.
This displays the Edit Policy Endpoints Window discussed in detail on page 423.
• Add resources to or remove them from the Current Policy Endpoints list. See “Edit Policy
Endpoints Window” on page 423 for more detailed information about this window.
• Click the OK button to closes the Edit window and displays the modified contents of the Current
Policy Endpoints list in the appropriate resource list in the Policy Traffic area.
• Click Cancel to close the Edit window and abandon any changes you have made to the Current
Policy Endpoints list.
428
EPICenter Software Installation and User Guide
Deleting a Policy
8 To modify the access domain or policy scope click the Edit... button to the right of the Policy Scope
resource list. The Edit Policy Access Domain/Policy Scope Window is displayed. This window is
discussed in detail in “Edit Policy Endpoints Window” on page 423.
The left side of this window (Select Network Resource Endpoint(s) to be Added) displays the
resources currently defined in the Grouping applet.
• Add resources to or remove them from the Current Policy Scope Resources List. See “Edit Policy
Access Domain/Policy Scope Window” on page 425 for more information.
• Modify the QoS Profile that should be configured on the device for this policy by selecting a
resource in the Current Policy Scope Resources list, and then selecting a profile from the
drop-down list associated with that resource.
• Click OK to close the Edit window and display the contents of the Current Policy Endpoints list
in the appropriate resource list in the Policy Traffic area.
• Cancel closes the Edit window and abandons any changes you have made to the Current Policy
Endpoints list.
• To change the precedence of an entry in the Policy Scope resources list, select the entry and use
the Up or Down buttons to move it in the list. Moving it up will give it higher precedence;
moving it lower will reduce its precedence.
The order in which the resources are displayed in the Policy Scope Resource list determines their
precedence. If individual device appears more than once in the list (as a member of multiple
groups, for example) and the QoS profile setting of each of those occurrences is in conflict, the
first occurrence of the device in the list will determine which profile will be used.
9 To save your modified policy definition, click the Save
button.
If you attempt to leave the policy definition page without saving your changed, a small Confirm
Save Policy Changes pop-up appears, asking if you want to save the changes.
• Click Yes to save your changes.
• Click No to abandon your changes.
• Click Cancel to return to the Policy Definition page of the policy you were modifying.
Deleting a Policy
Use the Delete policy button
to delete the currently selected policy. A pop-up window appears
asking for confirmation of the deletion.
Click Yes to proceed with the deletion, or No to cancel the operation.
Resetting a Policy
Use the Reset policy button
to undo the changes you have made to a policy definition at any time
before you save it. The reset operation returns the settings of the policy to the last saved settings for the
policy. In the case of a new policy, it will remove all policy settings.
EPICenter Software Installation and User Guide
429
Using the Policy Manager
Configuring Policy Precedence
To configure the precedence settings of your
policies, click the Order Policy Precedence button
as shown in Figure 215.
to display the Order Policy Precedence window
Figure 215: Order Policy Precedence window
Policies are displayed in the Configure Policy Precedence window in their current precedence order,
from highest at the top to lowest at the bottom. The top entry in the list has the highest priority, the last
entry has the lowest priority. In the case where multiple policies could apply to the same traffic flow,
the policy with higher priority is used by the switch over policies of lower priority.
The policy precedence defined in this window only controls the relationships between policies of the
same type. Policies of different types have a predefined precedence relationship: Security and IP QoS
policies are the highest priority, Source Port QoS policies are second, and VLAN QoS policies have the
lowest priority. For Security and IP policies, the precedence can be manipulated between the two types
since they are of similar type in this respect. For VLAN and source port policies, you can only
manipulate its precedence relative to other policies of the same type.
If all other precedence variables are equal, and you do not change the precedence order explicitly, then
precedence is determined by the time of creation, with the policy created last having the lowest
precedence, and will appear at the bottom of the list.
• To change the precedence of a policy, select the policy, and click the appropriate Up or Down arrow
button to move the policy higher or lower in the list. Move a policy up in the list to give it priority
over the policies below it in the list. Move it lower in the to reduce its priority relative to other
policies.
• Clicking Cancel at any time prior to clicking OK will restore the precedence settings to those
currently in effect relative to the selected policy.
• Click the OK button to save the changes for the affected policies.
430
EPICenter Software Installation and User Guide
Viewing and Modifying QoS Profiles
Viewing and Modifying QoS Profiles
QoS profiles cannot be added, deleted, or renamed. You can change the priority and bandwidths of each
of the eight profiles, QP1 through QP8, and configure your modified profiles on a selected set of
devices, or on individual ports on a device.
You cannot change the settings of the “blackhole” profile, which is set to priority “deny” and does not
use the minimum or maximum bandwidth settings.
To view or change the current QoS profile definitions
in the Policy System, click the Configure QoS profiles button
Profiles window (see Figure 216).
. This displays the Configure QoS
The Configure QoS Profiles window is similar to the Edit Policy Endpoints window shown in
Figure 205 and discussed in detail on page 418.
Figure 216: Configure QoS Profiles window
To modify the settings or device scope of a QoS profile, follow these steps:
1 Select the profile you want to modify from the drop-down menu.
The default definitions for the eight QoS profiles you can configure are shown in Table 12.
Table 12: Default QoS Profile Settings
QoS Treatment Name
Priority
Min Bandwidth
Max Bandwidth
QP1
low
0
100%
QP2
lowHi
0%
100%
QP3
normal
0%
100%
QP4
normalHi
0%
100%
QP5
medium
0%
100%
EPICenter Software Installation and User Guide
431
Using the Policy Manager
Table 12: Default QoS Profile Settings (continued)
QoS Treatment Name
Priority
Min Bandwidth
Max Bandwidth
QP6
mediumHi
0%
100%
QP7
high
0%
100%
QP8
highHi
0%
100%
NOTE
For devices running older versions of ExtremeWare (prior to 6.x) only four QoS profiles (QP1-QP4)
are supported. Their priorities are low, normal, medium, and high. If you select a profile that is not
supported on the device you are configuring, the profile will not be configured on the device.
2 To change the minimum bandwidth for the profile, type a value into the Min Bandwidth field. The
value must be between 0 and 89, and less than or equal to the value you plan to use for maximum
bandwidth.
NOTE
The sum of all minimum bandwidth cannot be greater than 90%.
3 To change the maximum bandwidth for the profile, type a value into the Max Bandwidth field. The
value must be between 0 and 100, and greater than or equal to the minimum bandwidth specified in
the previous field.
4 To change the priority, select one of the eight priorities (low, lowHi, normal, nornalHi, medium,
mediumHi, high, highHi, or deny) from the drop-down menu in the Priority field.
5 To specify the devices or ports on which this modified profile should be configured, select devices or
groups from the Select Resources to be Added part of the window, and move them to the Resource
Results list.
The Select Resources to be Added part of the window shows the resources currently defined in the
Grouping applet.
When you select a group in the component tree, its children (groups or individual devices) are
displayed in the associated Resource list (the right half of the Select Resources to be Added area).
You can select groups, individual devices, or individual ports as resources on which the QoS profile
should be configured. If you select a group that does not contain any devices as children, the group
is added to the Resource Results list, but will not affect the QoS profile configuration.
• Select one or more individual resources or groups from the Select Resources to be Added list, and
click the Add button to add them to the Resource Results list.
• Click the Add All button to add all the resource children of the group you have selected in the
component tree.
• To remove resources from the Resource Results list, select one or more resources and click the
Remove button.
• To remove all resources from the Resource Results list, click the Remove All button.
To view the QoS profiles currently configured on a device, use the ACL Viewer, select a device in the
component tree, and then select the QoS Profile tab to view the current device configuration.
432
EPICenter Software Installation and User Guide
Configuring QoS Policies
Configuring QoS Policies
There are several ways to configure your enabled policies onto the affected devices:
• Auto Configuration: You can have the EPICenter server make configuration changes on the affected
devices any time it detects a change.
• Directed Configuration: You explicitly direct that configuration changes should be made by
invoking the configuration function. You can direct a configuration operation for an individual
device or for all devices.
Policies that are not enabled are not configured on any devices through either of these methods.
Auto Configuration
If auto configuration is enabled
, any changes you make within the EPICenter software may
trigger an immediate recomputation and reconfiguration of the QoS policies on your network. When
auto-configuration is enabled, a policy reconfiguration may be triggered by any of the following events:
• Changes to group memberships made through the Grouping Manager or Inventory Manager that
affect a group used to define a policy endpoint or policy scope
• Network login/802.1x user login/logout
• Changes made through the ExtremeWare CLI or ExtremeWare Vista on a device managed by the
EPICenter server
• A user login or end station reboot when DLCS is enabled
• Saving a change to a policy within the Policy Manager
The status icon
displayed in the upper right corner of the Policy Manager indicates that the
configuration is occurring (see “Configuration Status” for details).
If auto configuration is disabled
, you must explicitly perform the configuration process. In this
mode, policies can be created or modified and saved, but they are not configured on the network until a
directed configuration (Config or Config All) is done.
NOTE
It is strongly recommended that you disable auto configuration while editing multiple policy definitions or
changing the precedence of policies, especially if they involve the “blackhole” profile (deny access).
With auto configuration enabled, each change is configured on the network immediately as the
individual policy is changed, possibly before the appropriate precedence relationships have been
established. This could cause serious network connectivity problems. After all changes have been
made, you can re-enable auto configuration so that all configuration changes will be made only after the
correct precedence relationships have been established.
Configuration Status
When an automatic configuration operation occurs the configuration status icon, shown at the upper
right corner of the Policy Manager, displays an animated status indication of the progress of the
configuration.
• First, the Policy Manager must compute the access list and QoS rules based on your policy
definitions. This is indicated by
an animated display of the following graphic:
EPICenter Software Installation and User Guide
433
Using the Policy Manager
• Second, the Policy Manager applies the computed policies to the device (those policies that are valid,
and not in conflict with any other
policies). This is indicated with another animated display:
When the configuration is complete, the icon returns to its quiescent state. You can use the ACL Viewer
to view the results of the policy configuration.
Directed Configuration
You can configure policies on a selected device or group of devices, or on all devices known to the
EPICenter server in one operation.
• From the ACL Viewer, you can configure policies on selected devices.
Select the device or group in the component tree, and click the Config button.
• To configure all policies on all devices at once, click the Cfg All button
either the Policies View or from the ACL Viewer.
.
. You can do this from
In either case, a pop-up window appears asking for confirmation of the configuration.
Click Yes to proceed with the configuration, or No to cancel the operation.
A message window (shown in Figure 217) pops up to show you the progress of the configuration.
Figure 217: Message window showing policy configuration progress
Devices are listed followed by a small purple rotating clock icon
in progress.
while the configuration function is
• When a configuration has been successful, the clock turns into a green checkbox
• If the configuration fails, the clock turns into a red X
.
and the device name is displayed in red.
The indicators just below the tree area of the window show the number of devices currently in each
state.
To see the messages related to the configuration function (either successful or unsuccessful), select a
device in the list. The messages related to the device are displayed as lines under the device node.
434
EPICenter Software Installation and User Guide
Configuring QoS Policies
• Click the plus sign at the left of the device name to display server messages related to configuring
the device.
• Click the minus sign at the left of the device to hide the server messages.
• The up and down arrow buttons let you move up and down the device tree, displaying the server
messages associated with each device.
• If you check the Errors Only box, the up and down arrow buttons will expand only devices that had
errors.
• The Collapse All button collapses all the device nodes, hiding all the server messages.
EPICenter Software Installation and User Guide
435
Using the Policy Manager
436
EPICenter Software Installation and User Guide
20 The ACL Viewer
This chapter describes how to use the EPICenter Policy Manager for:
• Viewing the policy configurations currently configured on Extreme devices
• Viewing the policy configurations specified for a device through the EPICenter Policy Manager
• Comparing policy configurations specified within the EPICenter Policy Manager with the policies
currently configured on a device
• Setting up IP policies on Cisco devices managed by the EPICenter server
The ACL Viewer lets you view information about the policies you’ve specified for the devices in your
network:
• The traffic patterns computed from the policies you have defined.
• The actual access list or QoS rules generated by the EPICenter Policy Manager, based on the policies
you have defined. It also shows the rules currently configured on a selected device, and lets you
compare the actual rules with the rules generated by the Policy Manager based on your policy
definitions. Rules for Access-based Security policies will normally only be displayed while the users
are logged into the network.
• The QoS Profile settings for the devices managed by the EPICenter server.
The ACL Viewer shows information about the policies you’ve defined, even if they have not been
configured on the network. Thus, you can use the ACL Viewer to preview the rules you’ve specified
before they take effect on your network.
The ACL Viewer organizes information by device scope—information related to a policy is presented
relative to the currently-selected resource (device or group).
To invoke the Policy Manager, click the Policy button in the Navigation Toolbar. When the Policy
Manager applet first appears, the Policies View is selected.
To view the access list and QoS rules currently defined for devices managed by the EPICenter Policy
Manager, click the ACL Viewer radio button just above the component tree. The ACL Viewer also
displays Network Login/802.1x activity for a specific device, slot, or port.
The ACL Viewer displays the Access List summary view for the top level of the component tree (the
Groups node) as shown in Figure 218. The Access List summary view provides an overview of the IP
policies defined in the Policy Manager, as related to their scope definitions.
EPICenter Software Installation and User Guide
437
The ACL Viewer
Figure 218: Top-level Access List view in the ACL Viewer
From either the Policies View or ACL Viewer, you can modify the QoS profiles, change policy
precedence, and configure the currently-enabled policies on one or more devices.
ACL Viewer Summary Displays
When the Groups node is displayed in the ACL Viewer, you can view a summary of the rules created
for Access Lists, VLAN QoS, and Source Port QoS.
The format of each of these displays is the same, and is organized by policy scope—one entry for each
policy and scope resource (device or group). If a policy has multiple scope resources, each has a
separate entry. For example, in Figure 218, the policy ip1 is scoped on two individual devices, so there
are two entries in the list for that policy.
Each entry in the summary display shows the following:
• ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the
column header will sort the policies in precedence order.
• Policy is the name of the policy.
• Scope shows the scope resource (device or group) and its associated QoS profile.
• Enabled indicates whether the policy is enabled for this policy scope. A green check ( ) indicates
that the policy is enabled. A red X ( ) indicates that the policy is not enabled. A policy that is not
enabled will not be configured on the devices within the scope, either automatically or when you
start a configuration manually.
The Access List display shows IP and Security policies only. If the Security policy allows the system to
dynamically determine the IP at network login, then those policies will only appear while the user is
438
EPICenter Software Installation and User Guide
Access List Display
logged into the network. The VLAN QoS page display shows VLAN policies, and the Source Port QoS
page shows Source Port policies.
Access List Display
You can use the Access List display to view traffic patterns and access list rules generated by your
EPICenter IP policies and active Security policies. At the group level, you can view the traffic patterns
generated by all the IP and Security policies that include a selected group in the policy scope or
domain. At the individual device level, you can view all the access rules generated by EPICenter
policies for an Extreme i-series device or a Cisco device, as well as the policies actually configured on
the device. Most Security policies are shown only while the user is actively connected to the network.
NOTE
IP policies can only be configured on Extreme Networks devices running ExtremeWare versions 5.0x or
6.0.x or later. Non-i-series devices only support IP policies if they run ExtremeWare 5.0x. (All Extreme
Networks devices support VLAN QoS.) IP policies are also supported on Cisco devices.
• To display the traffic patterns generated by the IP and Security policies that include the group in the
policy scope, select a group in the component tree.
The Access List page shows all the traffic patterns generated by any IP and Security policies that have
the selected group in its scope (see Figure 219).
Figure 219: Traffic patterns generated from IP policies for scoped devices
EPICenter Software Installation and User Guide
439
The ACL Viewer
The display includes the following information:
• ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the
column header will sort the policies in precedence order.
• Policy displays the name of the policy.
• Protocol indicates the protocol specified for the traffic (UPD, TCP, etc. in the example).
• Dest IP is the destination IP address, derived from one of the host specifications.
• Dest L4 Port is the L4 port associated with the destination IP address, if a port has been specified.
An asterisk indicates the specification “Any.”
• Src IP is the source IP address, derived from one of the host specifications.
• Src L4 Port is the L4 port associated with the source IP address, if a port has been specified. An
asterisk indicates the specification “Any.”
• Profile is the QoS profile that applies to this traffic flow.
• Status indicates whether the traffic pattern is unique or if it duplicates another traffic pattern.
If a rule is a duplicate, only one of the duplicate rules is used to configure the device. The rule used
is based on the precedence of the duplicate rules.
To view the access list rules related to a specific device, select the device. If the device supports IP and
Security policies (Extreme devices running 5.0x, 6.1 or later, or Cisco devices), the Access List page
displays a comparison of the “ideal” access list rules (rules generated by the EPICenter Policy Manager
based on your policy definitions) and the rules actually configured on the device, as shown in
Figure 220.
Figure 220: AccessList display showing rules for an i-series device
The View field at the top of the display lets you select how you want to view the device rules. You can
view the Access List rules in three ways:
• Select Compare policy and configured rules from the drop-down list to compare the
EPICenter-generated rules with the rules configured on the device (as shown in Figure 220).
440
EPICenter Software Installation and User Guide
Access List Display
• Select View policy rules from the drop-down list to display the EPICenter rules only.
• Select View configured rules from the drop-down list to display the configured rules only.
Policy Rule Comparison
The policy rule comparison display shows both the ideal rules, as generated by the EPICenter Policy
Manager (shown in the left half of the table) and the configured rules as they exist on the device, shown
in the right half of the table.
The rows in the comparison display are displayed in colors that indicate the status of the rule:
• Green indicates that the rule is a valid rule (is not in conflict with a rule already on the device), but
that it has not been configured on the device. Only the Ideal side of the table is filled in for these
rules.
• White indicates that the rule is valid, and has been configured on the device. Both the Ideal and
Configured sides of the table are filled in.
• Yellow indicates that the EPICenter-generated “ideal” rule conflicts with a rule already configured
on the device. Two rules conflict when the traffic patterns for the rule are the same but the treatment
specified (the QoS profile) is different. Both the Ideal and Configured sides of the table are filled in.
• Blue indicates that the rule is configured on the device, but it was not generated by the EPICenter
Policy Manager. Only the Configured side of the table is filled in for these rules.
The columns in the display show information as follows:
• ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the
column header sorts the policies in precedence order.
• Policy displays the name of the policy.
• Ideal Traffic is a policy traffic definition specified for this policy. The summary in this field includes
the protocol, the In Ports, the destination IP address and ports, and the source IP address and ports.
• Ideal Profile is the QoS profile specified in the Policy Manager for this traffic flow.
• Ideal Rule Precedence is the precedence specified for the rule by the Policy Manager.
• Config Rule displays the name of the rule on the device (as specified either through the Policy
Manager or through the ExtremeWare CLI).
• Config Traffic is the traffic definition to which this rule applies. The summary in this field includes
the protocol, the ingress ports (In Ports) on the switch, the destination IP address and ports, and the
source IP address and ports.
• Config Profile is the QoS profile applied to this traffic flow.
• Owner indicates how the rule was generated. If the rule was configured by the Policy manager, the
owner will be EPICenter. If the rule was configured through the ExtremeWare CLI or through
ExtremeWare Vista, then no owner name is set.
• Config Rule Precedence is the precedence specified for the rule, either by the Policy Manager or
through the ExtremeWare CLI.
EPICenter Software Installation and User Guide
441
The ACL Viewer
View Policy Rules
The Policy Rules display shows details of the ideal rules, as generated by the EPICenter Policy Manager.
The information in this display is as follows:
• ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the
column header sorts the policies in policy precedence order.
• Policy displays the name of the policy.
• Protocol indicates the protocol specified for the traffic (UPD, TCP, etc. in the example).
• In Ports shows the switch ingress ports specified for this rule on this device.
• Dest IP is the destination IP address, derived from one of the host specifications.
• Dest L4 Port is the L4 port associated with the destination IP address, if a port has been specified.
An asterisk indicates the specification “Any.”
• Src IP is the source IP address, derived from one of the host specifications.
• Src L4 Port is the L4 port associated with the source IP address, if a port has been specified. An
asterisk indicates the specification “Any.”
• Rule Precedence is the precedence value assigned to the rule by the Policy Manager.
• Profile is the QoS profile specified for this traffic flow by this policy.
• To be used indicates whether the rule is acceptable for configuration on the device (not in conflict
with any other rules). Values for this column are:
— Yes, the rule can be used.
— No (duplicated) indicating that the rule duplicates another rule.
— No (disabled) indicating that the policy is disabled.
View Configured Rules
The Configured Rules display shows details of the rules that are actually configured on the device,
either through the EPICenter Policy Manager or the ExtremeWare CLI. The information in this display
is as follows:
• Rule displays the name of the rule.
• Protocol indicates the protocol specified for the traffic.
• In Ports shows the switch ingress ports specified for this rule on this device.
• Dest IP is the traffic destination IP address.
• Dest L4 Port is the L4 port associated with the destination IP address, if a port has been specified.
An asterisk indicates the specification “Any.”
• Src IP is the traffic source IP address.
• Src L4 Port is the L4 port associated with the source IP address, if a port has been specified. An
asterisk indicates the specification “Any.”
• Rule Precedence is the precedence value assigned to the rule.
• Profile is the QoS profile that applies to this traffic flow.
• Owner indicates how the rule was generated. If the rule was configured by the Policy Manager, the
owner will be EPICenter.
442
EPICenter Software Installation and User Guide
VLAN QoS Display
VLAN QoS Display
You can use the VLAN QoS display to view traffic patterns and access list rules generated by your
EPICenter VLAN QoS policies. At the group level, you can view the traffic patterns generated by all the
VLAN QoS policies that include a selected group in the policy scope. At the individual device level, you
can view all the VLAN QoS rules generated by VLAN QoS policies for Extreme devices, as well as the
policies actually configured on the device. VLAN QoS is supported on both i-series and non-i-series
devices.
• To display the traffic patterns generated by the VLAN QoS policies that include the group in the
policy scope, select a group in the component tree.
The VLAN QoS page shows all the traffic patterns generated by any VLAN QoS policies that have the
selected group in its scope (see Figure 221).
Figure 221: Traffic patterns generated from VLAN QoS policies for scoped devices
The display includes the following information:
• ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the
column header will sort the policies in precedence order.
• Policy displays the name of the policy.
• VLAN is the VLAN for which this policy is specified.
• Profile is the QoS profile that applies to this VLAN.
• Status indicates whether the traffic pattern is unique or if it duplicates another traffic pattern.
To view the VLAN QoS rules related to a device, select the individual device. The VLAN QoS page
displays a comparison of the “ideal” VLAN QoS rules (rules generated by the EPICenter Policy
EPICenter Software Installation and User Guide
443
The ACL Viewer
Manager based on your policy definitions) and the rules actually configured on the device, as shown in
Figure 222.
Figure 222: VLAN QoS display showing ideal and configured rules for a device
The View field at the top of the display lets you select how you want to view the device rules. You can
view the Access List rules in three ways:
• Select Compare policy and configured rules from the drop-down list to compare the
EPICenter-generated rules with the rules configured on the device (as shown in Figure 220).
• Select View policy rules from the drop-down list to display the EPICenter rules only.
• Select View configured rules from the drop-down list to display the configured rules only.
Policy Rule Comparison
The VLAN QoS policy rule comparison display shows both the ideal rules, as generated by the
EPICenter Policy Manager (shown in the left half of the table) and the configured rules as they exist on
the device, shown in the right half of the table.
The rows in the comparison display are displayed in colors that indicate the status of the rule:
• White indicates that the rule is valid, and has been configured on the device. Both the Ideal and
Configured sides of the table are filled in.
444
EPICenter Software Installation and User Guide
Source Port QoS Display
• Yellow indicates that the EPICenter-generated “ideal” rule conflicts with a rule already configured
on the device. Two rules conflict when the traffic patterns for the rule are the same but the treatment
specified (the QoS profile) is different. Both the Ideal and Configured sides of the table are filled in.
• Blue indicates that the rule is configured on the device, but it was not generated by the EPICenter
Policy Manager. Only the Configured side of the table is filled in for these rules.
The columns in the display show information as follows:
• ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the
column header will sort the policies in policy precedence order.
• Policy displays the name of the policy.
• Ideal Rule VLAN is the VLAN specified by this policy.
• Ideal Rule Profile the QoS profile specified for this traffic flow by this policy.
• Config Rule VLAN is the VLAN to which the QoS rule applies.
• Config Rule Profile is the QoS profile that applies to this VLAN.
View Policy Rules
The Policy Rules display shows details of the Ideal Source Port QoS rules, as generated by the
EPICenter Policy Manager. The information in this display is as follows:
• ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the
column header will sort the policies in policy precedence order.
• Policy displays the name of the policy.
• VLAN is the VLAN specified by this policy.
• Profile is the QoS profile that is specified for this VLAN by this policy.
• To be used indicates whether the rule is acceptable for configuration on the device (not in conflict
with any other rules). Values for this column are:
— Yes, the rule can be used.
— No (duplicated) indicating that the rule duplicates another rule.
— No (disabled) indicating that the policy is disabled.
• View Configured Rules
The Configured Rules display shows details of the VLAN QoS rules that are actually configured on the
device, either through the EPICenter Policy Manager or the ExtremeWare CLI. The information in this
display is as follows:
• VLAN specifies the VLAN to which the VLAN QoS rule applies.
• Profile is the QoS profile that applies to this traffic flow.
Source Port QoS Display
You can use the Source Port QoS display to view traffic patterns and Access List rules generated by
your EPICenter Source Port QoS policies. At the group level, you can view the traffic patterns generated
by all the Source Port QoS policies that include the selected group in the policy scope. At the individual
device level, you can view all the Source Port QoS rules generated by EPICenter policies for an Extreme
i-series device, as well as the policies actually configured on the device.
EPICenter Software Installation and User Guide
445
The ACL Viewer
NOTE
Source Port QoS policies can only be configured on Extreme Networks devices running ExtremeWare
versions 5.0x or 6.x or later. Non-i-series devices only support Source Port QoS if they run
ExtremeWare 5.0x.
• To display the traffic patterns generated by the Source Port QoS policies that include the group in
the policy scope, select a group in the component tree.
The Source Port QoS page shows all the traffic patterns generated by any Source Port QoS policies that
have the selected group in its scope (see Figure 221).
Figure 223: Traffic patterns generated from Source Port QoS policies for scoped devices
The display includes the following information:
• ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the
column header will sort the policies in policy precedence order.
• Policy displays the name of the policy.
• Source Port is the device and port for which this policy is specified.
• Profile is the QoS profile that applies to this VLAN.
• Status indicates whether the traffic pattern is unique or if it duplicates another traffic pattern.
Each port is listed separately in the table, as a rule is generated for each port specified by the policy,
even if they are specified in a single policy definition in the Policy Manager.
446
EPICenter Software Installation and User Guide
Source Port QoS Display
To view the Source Port QoS rules related to a device, select the device. The Source Port QoS page
displays a comparison of the “ideal” Source Port QoS rules (rules generated by the EPICenter Policy
Manager based on your policy definitions) and the rules actually configured on the device, as shown in
Figure 222.
Figure 224: Source Port QoS display showing ideal and configured rules for a device
The View field at the top of the display lets you select how you want to view the device rules. You can
view the access list rules in three ways:
• Select Compare policy and configured rules from the drop-down list to compare the
EPICenter-generated rules with the rules configured on the device (as shown in Figure 220).
• Select View policy rules from the drop-down list to display the EPICenter rules only.
• Select View configured rules from the drop-down list to display the configured rules only.
Policy Rule Comparison
The Source Port QoS policy rule comparison display shows both the Ideal rules, as generated by the
EPICenter Policy Manager (shown in the left half of the table) and the Configured Rules as they exist on
the device, shown in the right half of the table.
The rows in the comparison display are displayed in colors that indicate the status of the rule:
• Green indicates that the rule is a valid rule (is not in conflict with a rule already on the device), but
that it has not been configured on the device. Only the Ideal side of the table is filled in for these
rules.
EPICenter Software Installation and User Guide
447
The ACL Viewer
• White indicates that the rule is valid, and has been configured on the device. Both the Ideal and
Configured sides of the table are filled in.
• Yellow indicates that the EPICenter-generated “ideal” rule conflicts with a rule already configured
on the device. Two rules conflict when the traffic patterns for the rule are the same but the specified
treatment (the QoS profile) is different. Both the Ideal and Configured sides of the table are filled in.
• Blue indicates that the rule is configured on the device, but it was not generated by the EPICenter
Policy Manager. Only the Configured side of the table is filled in for these rules.
The columns in the display show information as follows:
• ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the
column header will sort the policies in policy precedence order.
• Policy displays the name of the policy.
• Ideal Source Port displays the name of the device and the port specified by this policy.
• Ideal Profile indicates the QoS profile specified for port by this policy.
• Config Source Port is the device and port to which the QoS rule applies.
• Config Rule Profile is the QoS profile that applies to this port.
View Policy Rules
The Policy Rules display shows details of the Ideal Source Port QoS rules, as generated by the
EPICenter Policy Manager. The information in this display is as follows:
• ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the
column header will sort the policies in policy precedence order.
• Policy displays the name of the policy.
• Source Port is the device and port specified by this policy.
• Profile is the QoS profile that is specified for this VLAN by this policy.
• To be used indicates whether the rule is acceptable for configuration on the device (not in conflict
with any other rules). Values for this column are:
— Yes, the rule can be used.
— No (duplicated) indicating that the rule duplicates another rule.
— No (disabled) indicating that the policy is disabled.
View Configured Rules
The Configured Rules display shows details of the Source Port QoS rules that are actually configured on
the device, either through the EPICenter Policy Manager or the ExtremeWare CLI. The information in
this display is as follows:
• Source Port specifies the device and port to which this treatment (QoS profile) applies.
• Profile is the QoS profile that applies to this port.
• Owner indicates how the rule was generated. If the rule was configured by the Policy Manager, the
owner will be EPICenter.
448
EPICenter Software Installation and User Guide
QoS Profile Display
QoS Profile Display
The QoS Profile display shows the QoS profiles defined for the selected device. For i-series devices, this
displays the eight profiles (QP1 through QP8) and the “blackhole” profile. For non-i-series devices, it
shows the four QoS profiles (QP1 through QP4) and the “blackhole” profile.
For i-series devices, it also shows per-port QoS profile settings that are different from the QoS profile
settings for the device as a whole. Figure 225 shows a QoS Profile display for an i-series device.
Figure 225: QoS profile display for an i-series device
The top table in the display, the Device profile settings, shows the QoS Profile settings configured for
the device as a whole. The lower table, the Port exception QoS Profiles, appears only for i-series devices
running ExtremeWare 6.2 or later, and shows the QoS settings for any ports that have had a QoS profile
defined individually for the port.
The information in the QoS Profile display is as follows:
• Profile is the name of the profile.
• Min BW is the minimum bandwidth setting.
• Max BW is the maximum bandwidth setting.
• Priority is the priority setting (low, lowHi, normal, nornalHi, medium, mediumHi, high, highHi, or
deny) of the profile.
• Policy shows the policies that use this profile on this device.
EPICenter Software Installation and User Guide
449
The ACL Viewer
The same columns are shown in the Port exception QoS Profiles table.
NOTE
For devices running versions of ExtremeWare prior to 6.x, only profiles QP1 through QP4 will be
displayed.
Network Login/802.1x Display
The Network Login/802.1x display shows lists the Network Login/802.1x information about each user
connected to the device. Figure 226 shows the Network Login/802.1x display.
Figure 226: Network Login/802.1x display
The information in the Network Login/802.1x display is as follows:
• Port is the port on the device on which the user is logged in.
• User Name is the name of the user.
• IP Address is the IP address of the user’s host.
• Login Type is the login type, either network login or 802.1x.
• MAC Address is the MAC address of the user’s host.
• VLAN is the VLAN to which the port belongs.
The Network Login/802.1x display is updated each time a user logs in and out of the selected device.
450
EPICenter Software Installation and User Guide
Cisco Device Policy Setup
Cisco Device Policy Setup
You can set up IP policies through the ACL Viewer for a Cisco device running Cisco IOS 11.2 or later.
1 Click the ACL Viewer radio button to display the ACL Viewer.
2 Select in the component tree the Cisco device that you want to configure.
3 Select the QoS Profile tab to display the QoS profile settings for the device.
4 Click the Cisco Policy Setup button that appears at the bottom of the QoS Profile page for a Cisco
device. This displays the Cisco Device Policy Setup pop-up window.
If you have not yet set the device up to be managed by EPICenter, the pop-up window appears as
shown in Figure 227.
Figure 227: Cisco Device Policy Setup window for an unmanaged Cisco device
Cisco Policy Setup button
Cisco Device Policy Setup window
5 To configure policy for the device through the EPICenter Policy Manager, the device must be
managed by the EPICenter server. Click the Manage this device radio button to specify that you
want to manage the device.
This changes the Cisco Device Policy Setup window to display the device configuration settings, as
shown in Figure 228.
EPICenter Software Installation and User Guide
451
The ACL Viewer
Figure 228: Setting up Cisco device policy
The initial values displayed either read from the switch, or are default values determined by the
EPICenter server.
6 To change the Starting Access List, Custom Queue List, or Priority Queue List, type or select a new
value in the appropriate field. The values you can use for these are as follows:
• Starting Access List: The EPICenter Policy Manager uses ten consecutive access lists to specify
traffic on a Cisco device. You can specify the starting access list, and EPICenter will use that list
plus the following five. For example, if you specify 100, then EPICenter will use access lists 100
through 109.
You can specify a starting access list between 100 and 190.
• Custom Queue List: You may specify a custom queue list for the EPICenter software to use to
apply policies that do bandwidth control. You can select a custom queue list from 1 to 16 from
the drop-down menu provided. The setting Don’t use indicates that no custom queue list is
configured on the device.
• Priority Queue List: You can specify a priority queue list for the EPICenter software to use to
apply policies that do priority control. You can select a priority queue list from 1 to 16 from the
drop-down menu provided. The setting Don’t use indicates that no priority queue list is
configured on the device.
7 For each interface to which the EPICenter Policy Manager will apply policies, select the interface in
the Interface list, and select a queueing strategy from the drop-down list in the Queueing Strategy
field.
• Select custom queuing to bind the custom queue you have selected to the interface, so the Policy
Manager can do bandwidth control on this interface.
• Select priority queueing to bind the priority queue you have selected to the interface, so the
Policy Manager can do priority control on this interface.
452
EPICenter Software Installation and User Guide
Cisco Device Policy Setup
• Select don’t manage if the Policy Manager should not manage this interface. This is the default
strategy.
8 Click OK when you have completed your policy setup.
After you have specified the access lists, and the custom and priority queue lists for the device, the
EPICenter Policy Manager will assume complete control of these resources. They will override any
other settings configured externally for these resources. The parameters are stored in the EPICenter
database, and are also written into the Cisco device login banner. If the same device is added again or
“sync”ed to the EPICenter database, these parameters will be read from the device during the
synchronization process.
NOTE
Configuring the banner causes the Cisco device to lose all ACL rules configured by EPICenter (but not
any other rules). If auto-configuration is enabled, the rules will be reconfigured automatically. If
auto-configuration is disabled, you should reconfigure the device using the directed Config operation
after configuring the banner.
EPICenter Software Installation and User Guide
453
The ACL Viewer
454
EPICenter Software Installation and User Guide
A Troubleshooting
This appendix describes how to:
• Resolve problems you may encounter that are related to the EPICenter server
• Resolve problems you may encounter while using the EPICenter client application
Troubleshooting Aids
If you are having problems with EPICenter, there are several things you can do to help prevent or
diagnose problems.
Using the Stand-alone Client Application
To enable debugging and log the output to a file in the stand-alone client application, you can run the
EPICenter client in debug mode.
In Windows 2000/XP, enter one of the following commands at the prompt in a command window or in
the Run field.
If you have both server and client installed on the same system:
c:\Program Files\Extreme Networks\EPICenter 4.1 > runclient.exe DEBUG DEBUG >
<logfile>
If you have the client only installed:
c:\Program File\extreme Networks\EPICenter 4.1 > runclient.exe DEBUG DEBUG > <logfile>
In Solaris, enter the one of the following commands at a command prompt.
If you have both server and client installed on the same system:
/opt/extreme/epc4_1/runclient DEBUG DEBUG >& <logfile>
If you have the client only installed:
/opt/extreme/epc4_1_client/runclient DEBUG DEBUG >& <logfile>
<logfile> is the name of the log file to be created. If you installed the client on a different drive and
directory, make the appropriate substitutions. Optionally, piping output to “tee,” if you have it
available, allows you to see the logs on the console as well as logging the data into the file.
EPICenter Software Installation and User Guide
455
Troubleshooting
Be sure to use different log file names if you are running multiple clients on the same machine.
Using the Browser-based Client (Windows Only)
NOTE
After a problem occurs, prior to pointing the browser to the EPICenter server, it is recommended that
you clear all browser cache information, including disk cache, and close and re-open the browser.
If you are using the browser-based client, please try to duplicate the problem with the Java Console
enabled in Internet Explorer. Look at the Java Console window and copy/paste (using [Ctrl]+C and
[Ctrl]+V on Windows 2000/XP) the contents into a text file. If a problem occurs, Extreme Networks
customer support may require the Java Console output.
In addition, you can run the client in a debug mode in the browser:
1 Start the client with the URL http://<host>:<port>/everest/debug.
2 After you enter your login information, but before the main EPICenter page is displayed, a page
with debug settings is displayed.
3 Select Info for “Client Debug Level”
4 Click Submit Query.
This enables more detailed information to be logged.
Enable the Java Console
To facilitate problem diagnosis, you can attempt to duplicate the problem with the Java Console
enabled. To enable the Java Console, do the following:
1 From the Windows Start menu, select Programs, then Java Plug-in Control Panel and launch the
Control Panel.
2 On the Basic page, click the Show Java Console check box.
3 Click Apply.
The next time you launch the EPICenter client, the Java Console will start automatically.
NOTE
Running with the Java Console displayed may affect the performance of the EPICenter client.
There is limited space for Java Console messages; once the console log file is filled, no more messages
will be recorded. If you are trying to duplicate a problem, clear the Java Console log file periodically by
clicking the Clear button at the bottom of the window.
You can close the Java Console by clicking the Close button at the bottom of the window. However,
once it is closed, it can only be restarted by closing and restarting the browser.
456
EPICenter Software Installation and User Guide
EPICenter Client
EPICenter Client
Problem: Client is unable to connect to the EPICenter server.
Verify that the EPICenter Server process is running.
Verify that the server is running on the specified port. You can try to connect to the server’s HTTP port
using a browser. If the server is running and you are using the correct port, the EPICenter main page
will be displayed.
If you are running the client on the same system as the EPICenter server, you can also use the Port
Configuration utility to determine the port on which the EPICenter server is running.
To run the Port Configuration utility, go to the Windows Start menu, and select Programs, then Extreme
Networks, followed by EPICenter 4.1, then Port Configuration.
For more information on the Port Configuration utility, see Appendix B.
Problem: Colors in client interface are incorrect (Windows 2000, Windows XP).
The Color Palette must be set for 65536 colors (or True Color). If your display is set for only 256 colors,
the colors in the left-hand panel (the Navigation Toolbar) and the EPICenter applets themselves may be
incorrect.
To change the color palette, double-click the Display icon in the Control Panel, select the Settings tab,
and use the drop-down list in the Color Palette field to select the appropriate setting.
Problem: After running for a while, the display disappears in some applets (Windows, browser
only).
Under some conditions in the browser client, the Java Plug-in can run out of memory. If you are
running with the Java Console enabled, you may see “Out of Memory” errors recorded in the console
log file. To alleviate this problem, you can grant the plug-in more memory through the Java Plug-in
Control Panel.
1 From the Windows Start menu, run the Java Plug-in Control Panel.
The Plug-in Control Panel should appear with the Basic page displayed.
2 In the Java RunTime Parameters field, enter the following without any embedded spaces:
-Xmxnnnm
nnn is the maximum number of megabytes of virtual memory available to the plug-in.
For example, entering -Xmx128m allows the plug-in to use up to 128 MBytes of virtual memory, and
should prevent out-of-memory problem.
3 If you see similar problems with the client application, restart the client to fix the problem.
Problem: Browser does not bring up the Login page.
Verify the version of the browser you are using. See the system requirements in Chapter 1 or see the
EPICenter Release Note and Quick Start Guide shipped with the software.
Problem: Browser client software loads and allows login, but data is missing or other problems arise.
Clear your browser’s cache, exit the browser, and restart it. This frequently clears up miscellaneous
start-up problems in the client.
EPICenter Software Installation and User Guide
457
Troubleshooting
In Internet Explorer, clear cache by selecting Internet Options under the Tools Menu, then clicking
Delete Files under the Temporary Internet Files section of the General tab.
Problem: Cannot cut, paste or print from the browser-based client, or save to the local file system.
As of EPICenter 4.0 the browser-based client no longer supports cut/paste/print or save from the
browser-based client. These functions are supported only in the stand-alone client application.
EPICenter Database
Problem: DBBACKUP utility will not run if LD_LIBRARY_PATH variable is not set correctly
In order for DBBACKUP to run, the LD_LIBRARY_PATH environment variable must include the path
<install_dir>/database (by default, /opt/epc_30/database). There are some needed .so files in
that directory. (10051)
Problem: Database server will not restart after incorrect shut down
If the EPICenter server is shut down incorrectly, the database may be left in an invalid state. In this case,
an “Assertion failed” error may occur when attempting to restart the server.
To recover the database in Windows 2000 or Windows XP, do the following:
1 Open a DOS command window.
The following commands assume you have accepted the default installation location, c:\epc4_1. If
you have installed EPICenter in a different location, substitute the correct installation directory in the
commands below.
2 Go to the EPICenter install directory:
cd c:\epc4_1
3 Add the EPICenter database directory to your path:
set path=c:\program files\epicenter4.1\database;%path%
4 Execute the following command:
database\dbeng7.exe -f basecamp.db
5 Watch the output from this command. If the database program indicates it cannot recover the
database, delete the database log:
del basecamp.log
and try executing the previous command again:
database\dbeng7.exe -f basecamp.db
6 If the database is successfully recovered, restart the server.
If the database cannot be recovered, you will need to restore the database from a backup. See
Appendix F for instructions on restoring the database from a backup.
To recover the database in Solaris, do the following:
1 Open a shell window (csh is used for the following example).
The following commands assume you have accepted the default installation location,
/opt/extreme/epc4_1. If you have installed EPICenter in a different location, substitute the correct
installation directory in the commands below.
458
EPICenter Software Installation and User Guide
EPICenter Server Issues
2 Go to the EPICenter install directory:
cd /opt/extreme/epc4_1
3 Make sure the LD_LIBRARY_PATH environment variable is set to the EPICenter directory installation
directory:
setenv LD_LIBRARY_PATH /opt/extreme/epc4_1/database
4 Execute the following command:
database/dbeng7.exe -f basecamp.db
5 Watch the output from this command. If the database program indicates it cannot recover the
database, delete the database log:
rm basecamp.log
and try executing the previous command again:
database/dbeng7.exe -f basecamp.db
6 If the database is successfully recovered, restart the server.
If the database cannot be recovered, you will need to restore the database from a backup. See
Appendix F for instructions on restoring the database from a backup.
EPICenter Server Issues
Problem: Cannot talk to a specific switch.
Verify that the switch is running ExtremeWare software version 2.0 or later.
Ping the switch's IP address to verify availability of a route. Use the ping command from a MS DOS or
Solaris command shell.
Verify that the read and write community strings used in the EPICenter match those configured on the
switch.
Problem: ExtremeWare CLI or ExtremeWare Vista changes are not reflected in EPICenter.
Verify that the switch is running ExtremeWare software version 2.0 or later.
From the Inventory Manager, click Sync to update the information from the switch. This refreshes the
switch specific data, validates the SmartTrap rules, and ensures that the EPICenter server is added as a
trap receiver (Extreme switches only).
If the problem persists, verify that the EPICenter workstation has been added in the list of trap
destinations on the given switch:
1 Telnet to the switch.
2 Log in to the switch.
3 Type show management to verify that the system running the EPICenter is a trap receiver.
An Extreme switch can support a maximum of 6 trap destinations in ExtremeWare 2.0, and up to 16
trap destinations with ExtremeWare 4.1 or greater. If EPICenter is not specified as a trap destination,
EPICenter Software Installation and User Guide
459
Troubleshooting
then no SmartTraps are sent, and the data is not refreshed. If you need to remove a trap receiver, use the
command:
config snmp delete trapreceiver <ipaddress>
For details, see the ExtremeWare Software User Guide.
Problem: Need to change polling interval, SNMP request time-out, or number of SNMP request
retries.
You can change the default values for the SNMP polling interval, the SNMP request time-out, or the
number of SNMP request retries, through the Administration applet, Server Properties page. You must
stop and restart the EPICenter server to have your changes take effect.
See Chapter 16 for information on the EPICenter Administration applet. See Chapter 3 for instructions
on stopping and starting the EPICenter server.
Problem: Need to change the Telnet or HTTP port numbers used to communicate with managed
devices.
You can change the port numbers for all managed switches through the Administration applet, Server
Properties page. You must stop and restart the EPICenter server to have your changes take effect.
See Chapter 16 for information on the EPICenter Administration applet. See Chapter 3 for instructions
on stopping and starting the EPICenter server.
Problem: Telnet polling messages can fill up a device’s syslog file.
For switches running older versions of ExtremeWare (prior to 6.0), the EPICenter server uses telnet
polling to get EDP topology and ESRP information. However, each telnet login and logout message is
logged to the switch’s log file, and will eventually fill up the log.
You can disable EDP and ESRP logging through the EPICenter Administration applet, Server Properties
page. This will also avoid the syslog messages.
See Chapter 16 for information on the EPICenter Administration applet. See Chapter 3 for instructions
on stopping and starting the EPICenter server.
Problem: Traps may be dropped during a trap “storm.”
The EPICenter server limits its processing of traps in order to be able to reliably handle trap storms
from a single or multiple devices. EPICenter limits its trap processing to 20 traps every 28 seconds from
an individual device, and a total of 275 traps every 55 seconds system-wide. Any traps that occur
beyond these limits will be discarded, but will be noted in the log.txt file.
Exceeding the first limit (>20 traps in 28 seconds) is rare, and should be considered abnormal behavior
in the managed device. If you are managing a large number of devices, you may reach the total (275)
limit in normal circumstances. If you are managing more than 1000 devices, it is recommended that you
increase the total number of traps to 500.
The trap processing limits can be changed through server properties in the Administration applet. See
Chapter 16 for more information on setting EPICenter server properties.
460
EPICenter Software Installation and User Guide
VLAN Manager
Problem: Under Solaris, an error occurs when attempting to enable the EPICenter Syslog server
function.
By default, Solaris runs its own Syslog server. This causes an error “Syslog Server unable to start:
Address already in use” when you attempt to enable the EPICenter syslog server. You must first stop
the Solaris syslog server in order to have EPICenter act as a Syslog receiver. To stop the Solaris Syslog
server, use the command:
/etc/init.d/syslog stop
Problem: EPICenter is not receiving traps.
If the IP address of a lost EPICenter host is changed while EPICenter is running, the system will not
receive traps. To fix the problem, restart the EPICenter server.
Problem: Policy Manager button does not appear in the Navigation Toolbar.
The EPICenter Policy Manager is a separately-licensed module, and requires installation of a separate
license key through the instlic license key utility. When you purchase the right to use the Policy
Manager applet, you will receive an activation key, found on the License Agreement included in your
software package. This key starts with “AC,” and can be used to obtain a permanent license key. You do
not need an activation key to obtain an evaluation license key.
To obtain a license key, use your browser to connect to the license page at
http://www.extremenetworks.com/go/epickey.htm. You can obtain an evaluation key or a permanent key
through this page. You will need your activation key to obtain a permanent license key. In either case,
you will be asked to enter some information about yourself, and the license key will be sent to you by
return e-mail. Follow the instructions in the EPICenter Software Installation Guide or the EPICenter Release
Note and Quick Start Guide to add this license to your EPICenter installation.
VLAN Manager
Problem: Multiple VLANs have the same name.
A VLAN is defined by the name, its tag value, and its protocol filter definition. EPICenter allows
multiple VLANs of the same name if one of the defining characteristics of one VLAN is different from
the other.
Problem: Multiple protocols have the same name.
EPICenter allows multiple protocols of the same name if one of the defining characteristics of one
protocol is different from the other.
Problem: Created a new protocol in VLAN Manager, but the protocol does not appear on any switch.
When a new protocol is created, it is stored in the EPICenter database. EPICenter only creates the
protocol on a switch when the new protocol is used by a VLAN on that switch.
Problem: Can only access one of the IP addresses on a VLAN configured with a secondary IP
address.
EPICenter does not currently support secondary IP addressing for a VLAN.
EPICenter Software Installation and User Guide
461
Troubleshooting
Problem: Configuration fails when attempting to configure a VLAN with a modified protocol
definition.
EPICenter does not have a mechanism to modify protocols. When a VLAN is configured through
EPICenter to use a protocol that does not exist on the switch, the protocol is first created on the switch.
However, if a protocol with the same name but a different definition already exists on the switch, the
operation will fail.
Problem: An untagged port has disappeared from its VLAN.
Check to see if the port has been added as an untagged port to a different VLAN. In EPICenter, adding
an untagged port to a VLAN automatically removes the port from its previous VLAN if the port was
untagged, and the new and old VLANs used the same protocol. You should receive a warning message
when this happens, which lets you proceed with the auto-deletion or cancel the operation. This is
different behavior from the ExtremeWare CLI, where you must first delete the port from the old VLAN
before you can add it to the new VLAN.
Alarm System
Problem: Device is in a fault state that should generate a trap or syslog message, and an alarm is
defined to detect it, but the alarm does not appear in the EPICenter Alarm Log.
There are several possible reasons this can occur. Check the following:
• Make sure that the alarm is enabled.
• Check that the device is in your alarm scope.
• Check that SNMP traps are enabled on the device.
• For a non-Extreme Networks device, make sure you have set EPICenter as a trap receiver on the
device (see Chapter 8).
• For an RMON alarm, make sure you have RMON enabled on the device.
• For Syslog messages, make sure that you have the EPICenter Syslog server enabled, and that remote
logging is enabled on the device with EPICenter set as a Syslog receiver.
• The number of traps being received by the EPICenter server may exceed the number of traps it can
handle in a given time period, resulting in some traps being dropped (see the item on dropping
traps on page 460). You can change the limits for the number of traps the server should accept (per
minute and per 1/2 minute) in the Administration applet. See Chapter 16 for more information on
setting EPICenter server properties.
Problem: The “Email to:” and “Short email to:” fields are greyed-out in the Actions tab of the New
Alarm Definition dialog.
You need to specify an e-mail server in order to send e-mail. Click the Settings... button next to the
Email to field to set up your mail server.
Problem: An RMON rule is defined to monitor a counter variable, and to cause an alarm when the
counter exceeds a certain value. The counter has exceeded the threshold value but no alarm has
occurred.
There are several things to check:
462
EPICenter Software Installation and User Guide
Alarm System
• Make sure the RMON rule and the alarm definition are set up correctly
• If the value of the counter was already above the threshold value when you set up the RMON rule,
and you have the Sample Type set to Absolute, no alarm will ever be generated. This because the
value must fall below the Falling Threshold value before the before another Rising Threshold trap
will be sent, and this will never occur. You should consider using the Delta Sample Type instead.
Problem: When creating an RMON rule in the RMON Rule Configuration window, the MIB variable
I want to use is missing from the list of variables displayed when I click “Lookup...”
The MIB Variable list displays only the MIBs shipped with the EPICenter software. In addition, within
those MIBs the variable list will not display variables that are indexed by an index other than (or in
addition to) ifIndex. You can still use variables that do not appear in the Lookup... list, but you must
type the complete OID into the MIB Variable field, in numeric notation. If the variable is a table
variable, you will need to append the specific index and apply the variable to each target device, one at
a time.
Problem: A program specified as an action for an alarm (in the Run Program field) does not get
executed. It includes output to the desktop among its functions.
If you are running the EPICenter server as a service, you must specifically tell it to allow output to the
desktop. To do this you must stop and restart the EPICenter server, as follows:
1 In the Services properties window, select EPICenter 4.1 Server and click Stop. (To find the Services
window, from the Start menu select Settings, then Control Panel, the double-click the Services icon).
2 When the EPICenter 4.1 Server service has be stopped, select it again and click Startup.... This
displays a pop-up window where you can specify start-up options.
3 In the lower part of the window, in the Log On As: area, click the box labeled Allow Service to
Interact with Desktop. Then click OK.
After the EPICenter server restarts, the program you have specified as an alarm action should execute
correctly.
To specify a batch file that does output to the desktop, you must specify the “.bat” file within a DOS
“cmd” command, as follows:
cmd /c start <file.bat>
where <file.bat> is the batch file you want to run.
Problem: Email alarm actions generate too much text for a text pager.
You can use the “Short email to:” option to send an abbreviated message appropriate for a text pager or
cell phone. The short email provides only very basic alarm information. See Chapter 5 for more details
on using the email options as an alarm action.
Problem: Alarm action that executes a script does not run to completion.
Check to determine if a command in the script has failed. If one command in the script fails, the rest of
the script will not be executed. This is expected behavior.
EPICenter Software Installation and User Guide
463
Troubleshooting
If you want to execute multiple script commands regardless of individual command failure, you must
catch the exception thrown in each command. For example, a script action:
catch {do Command1}
catch {do Command2}
will execute Command2 even if command1 fails. For detailed information on how to use the Tcl script,
consult the Tcl man pages or Help file at http://www.tcl.tk.
ESRP Manager
Problem: None of the member VLANs of an ESRP group are appearing in the ESRP Manager applet.
Make sure that all members of the ESRP group use the same election algorithm. If there is an election
algorithm mismatch between any of the ESRP-enabled switches in any of the ESRP-enabled VLANs in
the ESRP group, this causes a misconfiguration scenario, and ESRP will not function. As a result, none
of the members of the ESRP group will appear in the ESRP Manager applet.
Problem: Some of the switches in an ESRP-enabled VLAN are missing from the ESRP Manager
applet.
Make sure that the Hello Timer (ESRP Timer) is set to the same interval for all ESRP-enabled switches.
If there is a timer mismatch, ESRP will not function correctly, and the ESRP Manager applet will not be
able to detect ESRP switch neighbors that are not being managed by the EPICenter software.
Problem: Devices running ExtremeWare 4.x are not being polled for ESRP information.
The EPICenter server uses Telnet polling to add and update ESRP information for devices running
ExtremeWare 4.x. If you have the “Poll devices using Telnet” option disabled in the Administration
applet, no ESRP information will be obtained for these devices. You can enable telnet polling through
the Server Properties page in the Administration applet. See Chapter 16 for more information.
Inventory Manager
Problem: Discovery returns an error if more than 10,000 IP addresses are specified for a discovery
operation.
Discovering more than 10,000 IP addresses can consume too much memory in the EPICenter server. As
a result, the server does not allow more than 10,000 IP addresses to be discovered at once. If you need
to discover more than 10,000 devices, you must split your discovery into multiple operations.
Problem: Multiple switches have the same name.
This is because the sysName of those switches is the same. Typically, Extreme Networks switches are
shipped with the sysName set to the type of the switch “Summit48,” “Summit1i,” “Alpine3808,” and so
on, depending on the type of switch.
You can change the way names are displayed through a sever property in the Administration applet.
You can display devices in the Component Tree by name or by IP address and name. See Chapter 16 for
more information on setting EPICenter server properties.
464
EPICenter Software Installation and User Guide
ExtremeView
Problem: Discovery does not display the MAC address for some devices in discovery results list. In
addition, may not add the device to inventory (primarily happens with workstations).
If the MAC address is not found in the first instance of ifPhysAddress, it is not displayed in the
discovery results table. However, when the device is selected to be added to the EPICenter inventory,
the Inventory applet searches all the ifPhysAddress entries for the device, and will use the MAC
address found in this manner. If no MAC address is found in any ifPhysAddress entry, the device will
not be added to the EPICenter database.
Problem: Attempted to add a switch in the Inventory Manager after rebooting the switch, and
received an “SNMP not responding” error.
If a switch has recently been powered on, it may take some time (a number of minutes) before the
device is completely initialized. This will be especially true of chassis devices with many blades, or
devices with a large number of VLANs configured on the device. It the device has not completed its
initialization, the Inventory Add process may return an error. You can simply wait until the device has
finished initializing and try the Add function again.
ExtremeView
Problem: For a device selected under Status, the Device Information panel shows incorrect
information, and the device image is not displayed correctly.
This can be caused by a device IP address that is in conflict with another device on the network (a
duplicate IP address). Remove the problem device from the EPICenter inventory, and add it in again
with the correct IP address.
Problem: While looking at a device in ExtremeView, the device view was suddenly replaced by the
top-level ExtremeView page.
This will happen if another EPICenter user removes the device from the database while you are viewing
it. If you are running with the Java Console enabled you may see an error message indicating the device
has been removed (as long as your console log has not been filled up).
Problem: When device information is not displayed completely (for example, only a generic image is
displayed) no messages explaining the problem seems to appear.
These types of messages for ExtremeView are displayed as error messages in the Java Console error log.
These messages are really informational errors, but must be displayed as errors in order to appear
under the normal Java Console settings. To see these messages, you must be running the Java Console
(see “Enable the Java Console” on page 456). Also, there must still be room left in the console log, as it
stops displaying messages when it fills up.
Problem: After initiating a switch reboot from the switch configuration page in ExtremeView, the
browser times out with an error (browser client only).
You can initiate a switch reboot from the Switch configuration page in the ExtremeView applet
However, because the switch is rebooting, it does not respond to the browser’s forms submission, and
the browser will time out and report an error (Error: 504) instead of refreshing the configuration page.
Once the switch has successfully finished rebooting, you can select it again in the Component Tree and
the page will refresh correctly.
EPICenter Software Installation and User Guide
465
Troubleshooting
Grouping Manager
Problem: Cannot import users from NT Domain Controller
The EPICenter Server must be running with permissions that enable it to get user information from a
Domain Controller. To verify and change permissions for the Web Server, do the following:
1 From the Start menu, highlight Settings, pull right, and click on the Control Panel. This displays the
Control Panel folder.
2 Double-click on Services to display the Services Properties window.
3 In the Services properties window, select EPICenter 4.1 Server and click Stop. (To find the Services
window, from the Start menu select Settings, then Control Panel, the double-click the Services icon).
4 When the EPICenter 4.1 Server service has be stopped, select it again and click Startup.... This
displays a pop-up window where you can specify start-up options.
5 In the lower part of the window, in the Log On As: area, enter the account name and password for a
user who has the appropriate permissions to access the Domain Controller.
6 Click OK to restart the Web Server service to have the new user logon take effect.
Printing
Problem: When printing a topology map from the browser client, or a printing report, the browser
can appear to freeze.
Printing a report or a topology map can cause the browser utilization to become very high (approaching
100%) and can spool a very large amount of memory. There is no current solution other than to wait,
and the process will eventually finish.
Topology
Problem: In Map Properties, changed the node background color, but only some of the node
backgrounds changed.
The background color affects submap nodes, device hyper nodes and device or decorative nodes that do
not display the device icon (either because the icon display is turned off or the nodes have been
reduced in size to where the icon cannot be displayed). For device nodes and decorative nodes with the
device icon displayed, the background color is transparent, and the background color setting is ignored.
Problem: A link has been moved, but the old link still appears as a down or unknown link. In
addition, if just one end of the link has been moved, an L2 cloud node is added between the two
endpoint devices.
When a previously “up” link disappears, the EPICenter server cannot tell if whether it is down or has
been physically moved, so it changes its status to down (or unknown). EPICenter will detect the new
link and add it as an up link, but it will not remove the old link. If only one end of the link is moved,
EPICenter detects two links (one up and one down) that share the same endpoint on one side of the
link. It interprets this to mean that there is a hub between the two endpoint devices, and represents this
as an L2 cloud.
466
EPICenter Software Installation and User Guide
STP Monitor
To remove non-existent links and extraneous L2 clouds, you can use the Discover Links command in
the Topology applet. This command will remove all down links and extraneous L2 clouds. Note that
this command will also remove existing links that are down, but EPICenter will rediscover and add
back those links when they come back up.
Problem: The Discover Links command removed legitimate links that were down.
The EPICenter server cannot discover a link if the link is down. Therefore, when it rediscovers links it
will only discover up links (or partially up links in the case of composite links). However, down links
will automatically reappear when they come up again. You can also use the Discover Links command
again after the down links have come back up.
STP Monitor
Problem: There are multiple STP nodes with the same name.
The EPICenter server identifies an STP domain by its name and tag. If you see multiple STP domains in
EPICenter, you may have a misconfiguration where the same STP domains are configured with
different tags on different switches.
Reports
Problem: After viewing reports, added a user-defined report, but it doesn’t appear in the list of
reports on the main reports page.
The Reports page updates the list of reports when the page is loaded. To update the list, Refresh the
page.
Problem: Reports cannot be launched.
Due to a problem with Windows, sometimes reports cannot be launched. To solve this problem,
upgrade the version of the Internet Explorer or restart your PC.
EPICenter Software Installation and User Guide
467
Troubleshooting
468
EPICenter Software Installation and User Guide
B EPICenter Utilities
This appendix describes several utilities and scripts shipped with the EPICenter software:
• The DevCLI utility, that can be used to add, modify, delete, and sync devices and device groups; and
can be used to modify device configuration information from the EPICenter database using the
devcli command
• The Inventory Export scripts, that can be used to extract information from the EPICenter inventory
and output it to the console or to a file
• The SNMPCLI utility, that can be used to inspect the contents of device MIBs
• The Port Configuration utility, a Windows-only utility that you can use to change the ports used by
the EPICenter server
• The AlarmMgr utility, used to display alarm information from the EPICenter database. Results can
be output to a file.
• The FindAddr utility, used to find IP or MAC addresses within a set of devices or ports (specified
individually or as device or port groups). Results can be output to a file.
• The TransferMgr utility, used to upload or download device configurations, or to download new
software versions.
• The VlanMgr utility, used to create, reset, and delete VLANs.
• The ImportResources utility, used to import resources into the Grouping Manager from an external
source such as an LDAP or NT Domain Controller directory.
The DevCLI Utility
The DevCLI utility allows you to add, modify, and remove devices and device groups from an
EPICenter database using a command line statement, rather than through the EPICenter client user
interface. You can add devices and device groups individually or in groups, and you can specify
arguments such as community strings and login and passwords for both the EPICenter server and the
devices. You can modify device and device group settings as well as device configurations. You can
specify a list of devices in a file and have them added in a single operation.
The DevCLI is useful for updating the EPICenter inventory database quickly when large numbers of
devices or device groups are added, modified or removed, or if changes occur frequently. It can also be
useful when you want to duplicate the device inventory and device group configurations across
multiple installations of the EPICenter server.
EPICenter Software Installation and User Guide
469
EPICenter Utilities
Using the DevCLI Commands
The utility is located in the root EPICenter install directory, by default \epc4_1 or
/opt/extreme/epc4_1 (in a UNIX environment).
The DevCLI utility supports the following four commands:
• devcli add <options> to add a device or device group.
To add device 10.205.0.99 to the EPICenter database on the local host, using the default device user
name and password, enter the following command at the prompt:
devcli add -u admin -a 10.205.0.99
To add a device group to the EPICenter database with the name “Device Group 1,” enter the
following command at the prompt :
devcli add -u admin -g “Device Group 1”
To add multiple device groups to the EPICenter database with the names “Device Group 1” and
“Device Group 2,” enter the following command at the prompt :
devcli add -u admin -g "Device Group 1" -g "Device Group 2" -g "Device Group 3”
• devcli mod <options> to modify a device or device group.
To modify the password on device 10.205.1.51 to use an empty string, enter the command :
devcli mod -u admin -a 10.205.1.51 -d ““
NOTE
If you are running the DevCLI on a Windows platform, enter forward slashes to separate empty
double quotes to ensure the command executes correctly. For example, to use the previous
command in a Windows environment, enter the command: devcli mod -u admin -a
10.205.1.51 -d \"\"
To modify the name of a device group from “Device Group 1” to “New Device Group,” enter the
following command at the prompt:
devcli mod -u admin -g “Device Group 1” -m “New Device Group”
• devcli del <options> to remove a device or device group.
To remove device 10.205.0.99 from the EPICenter database, enter the command:
devcli del -u admin -a 10.205.0.99
To remove a device group named “New Device Group” from the EPICenter database, enter the
command :
devcli del -u admin -g “New Device Group”
• devcli sync <options> to manually update device configurations.
To manually update the device configurations for device 10.205.0.99, enter the command:
devcli sync -u admin -a 10.205.0.99
To manually update the configurations for the default device group, enter the command:
devcli sync -u admin -g Default
NOTE
You can type either sync or syn when you use the devcli sync command.
470
EPICenter Software Installation and User Guide
The DevCLI Utility
These commands support a set of options for specifying device information such as passwords and
community strings, device group information such as device group names and member devices, as well
as information about the EPICenter server, such as host name or IP address, port, and user name and
password. You can also specify multiple IP addresses in a file to have them added or removed as a
group, as long as they all use the same user name, password, and community strings.
Table 13 specifies the options you can use with these commands:
Table 13: DevCli command options
Option
Value
Default
-a
Device IP address. This option can be specified more than once.
None
-b
SNMP version 3 user name.
initialmd5
-c
Cisco enable password.
“”
-d
Device password.
“”
-e
Device group description.
None
-f
Input file name for IP addresses. This specifies an ascii file that contains a list of
IP addresses, one per line. No other information can be included in this file.
None
This option can be specified more than once.
-g
Device group to which devices should be added. Case sensitive. The device group
must already exist.
Default
-h
Input file name for device groups. This specifies an ascii file that contains a list of
device group descriptions, one per line. A device group description may be
included by enclosing both the device group name and the device group in double
quotes. The quotes sever to delimit the two values.
None
This option can be specified more than once.
-i
Device poll interval, in minutes
0
-j
SNMP version 3 privacy password
“”
-l
(Letter l) User name to use for device login
admin
-m
New device group name. Use this command when you are modifying a device
group
None
-n
EPICenter server port number
80
-o
SNMP version 3 authentication password
initialmd5
-p
EPICenter user password
“”
-r
Read community string (only needed for adding devices; not needed for deleting
them).
public
-s
EPICenter server hostname or IP address
localhost
-t
SNMP version 3 authentication protocol (none, MD5, SNA)
md5
-u
EPICenter user name
none
-v
SNMP version (1, 3)
-w
Write community string (only needed for adding devices; not needed for deleting
them).
EPICenter Software Installation and User Guide
“private”
471
EPICenter Utilities
Table 13: DevCli command options (continued)
Option
Value
Default
-x
Modify device setting (ssh, nussh, offline, online)
none
-y
SNMP version 3 privacy protocol (none, crc)
none
-z
Record filename (for recording)
none
Options such as the user login names and passwords and community strings, apply to all devices
specified in the command. You can specify multiple devices in one command as long as they use the
same options. If you have devices with different access parameters, you must add or delete them in
separate commands. The exception is when removing devices or device groups, you do not need to
specify community strings, so you can remove multiple devices in a single command even it their
community strings are different.
Most options default to the values equivalent to those used by default on Extreme Networks devices or
in the EPICenter software.
You can specify only one EPICenter server (database) in a command. If you want to add the same
devices to multiple EPICenter databases, you must use a separate command for each server. The
command by default adds or removes devices from the EPICenter database running on the local host at
port 80.
DevCLI Examples
The following examples illustrate the usage of these commands.
• To add a device with IP address 10.205.0.99 to the EPICenter database running on server snoopy on
port 81, with EPICenter login “master” and password “king,” enter the following command:
devcli add -u admin -a 10.205.0.99 -s snoopy -n 81 -u master -p king
• To add two devices (10.205.0.98 and 10.205.0.99) to the EPICenter database on the local host, with
read community string “read” and write community string “write,” enter the following command:
devcli add -u admin -a 10.205.0.98 -a 10.205.0.99 -r read -w write
• To add multiple device groups specified in the file “devGroupList.txt” to the EPICenter database,
enter the following command:
devcli add -u admin -h devGroupList.txt
The file devGroupList.txt must be a plain ASCII text file containing one device group name and
one description (if applicable) per line, such as:
“Device Group 2”
Building B
dg4
“Marketing”
If a line has multiple words delimited by white space and the words are not enclosed in double
quotes, the whole line is interpreted as a device group name without a device group description. If
the device group name consists of multiple words delimited by white space, and you want to specify
a device group description, you must use double quotes to enclose both the device group name and
the device group description.
472
EPICenter Software Installation and User Guide
Inventory Export Scripts
• To modify the membership of a device group named “Engineering Device Group” to remove any
existing devices from the device group and add four new devices (10.205.0.91, 10.205.0.92,
10.205.0.93, and 10.205.0.94) to the device group, enter the following command:
devcli mod -u admin -g “Engineering Device Group” -a 10.205.0.91
-a 10.205.0.92 -a 10.205.0.93 -a 10.205.0.94
• To delete a set of devices specified in the file “devList.txt” with device login “admin2” and password
“purple,” enter the following command:
devcli del -u admin -f devList.txt -l admin2 -d purple
The file devList.txt must be a plain ASCII text file containing only IP addresses and only one IP
address per line, such as:
10.205.0.95
10.205.0.96
10.205.0.97
If more than one IP address is specified per line, only the first IP address is used.
• To delete two device groups (“Building A” and “Building C”) from the EPICenter database, enter the
following command:
devcli del -u admin -g “Building A” -g “Building C”
• To manually update the configurations of two devices (10.205.0.91 and 10.205.0.93), enter the
command:
devcli sync -u admin -a 10.205.0.91 -a 10.205.0.93
Inventory Export Scripts
There are three scripts you can run to export information about the devices or occupied slots known to
the EPICenter inventory. The scripts let you export information on devices known to a single EPICenter
installation, on slots known to a single EPICenter installation, or on devices known to multiple
EPICenter servers. The information will be output in comma-separated (CSV) format suitable for
importing into a spreadsheet.
• For a device report, the information reported includes the device name and type, IP address,
location, serial and board numbers. If you use the Distributed server version of this report, the name
of the EPICenter server that manages the device will also be included.
• For a slot report, it includes the device name and IP Address, slot number, slot name and slot type,
and the serial number of the blade in the slot.
Using the Inventory Export Scripts
The three scripts are located in the EPICenter user\scripts\bin directory under the EPICenter install
directory (by default \epc4_1 under Windows, or /opt/extreme/epc4_1 under Solaris). You must have
the user\scripts\bin directory as your current directory in order to run these scripts.
There are three inventory export scripts you can use:
• inv.bat <options> (Windows), or inv.sh <options> (Solaris) exports device information from
the EPICenter database.
To export device information to file devinfo.csv under Windows, enter the command:
cd epc4_1\user\scripts\bin
inv.bat -o devinfo.csv
EPICenter Software Installation and User Guide
473
EPICenter Utilities
Under Solaris, enter the command:
cd epc4_1/user/scripts/bin
inv.sh -o devinfo.csv
• slots.bat <options> (Windows), or slots.sh <options> (Solaris) exports slot information from
the EPICenter database.
To run the command as user “user1,” and export slot information to file slotinfo.csv under
Windows, enter the command:
cd epc4_1\user\scripts\bin
slots.bat -u user1 -o slotinfo.csv
Under Solaris, enter the command:
cd epc4_1/user/scripts/bin
slots.sh -u user1 -o slotinfo.csv
• msinv.bat <options> (Windows), or msinv.sh <options> (Solaris) exports device information
from the databases of multiple EPICenter servers. You must provide a list of EPICenter servers in a
file.
To export device information from the databases of EPICenter servers listed in file servers.txt (in the
scripts\config directory) to file alldevinfo.csv, without prompting for a password under
Windows, enter the command:
cd epc4_1\user\scripts\bin
msinv.bat -d -o alldevinfo.csv -s ..\config\servers.txt
Under Solaris, enter the command:
cd epc4_1/user/scripts/bin
msinv.sh -d -o alldevinfo.csv -s ../config/servers.txt
The server file defaults to the file servers.txt in the user\scripts\config directory. You can edit
this file to include the names or IP addresses of the servers where the EPICenter server and
databases are running. You can also provide your own file. The format of the file entries are:
<servername or IP>:<port>
For example:
iceberg:80
10.2.3.4:81
Table 14 specifies the options you can use with these commands:
Table 14: Inventory script command options
Option
Value
Default
-d
None
If -p option not present, prompts for
password
If present, the command will use the default EPICenter
password (“”) and will not prompt for a password.
-n
EPICenter server port number
80
-o
Name of file to receive output. If you don’t specify a path,
the file will be placed in the current directory
(user\scripts\bin).
output written to console (stdout)
-p
EPICenter user password
“”
-u
EPICenter user name
admin
474
EPICenter Software Installation and User Guide
Inventory Export Scripts
Table 14: Inventory script command options (continued)
Option
Value
Default
-s
For the msinv.bat and msinv.sh commands only: Name
(and path) of file containing EPICenter server list
<epc_install_dir>\user\scripts\
config\servers.txt under Windows,
<epc_install_dir>/user/scripts/
config/servrs.txt under Solaris
NOTE
The inv.bat, inv.sh, slot.bat, and slot.sh scripts retrieve information only from an EPICenter server that
runs on the same machine as the scripts.
Inventory Export Examples
The following examples illustrate the usage of these commands.
• To export slot information to the file slotinventory.csv from the EPICenter database whose login
is “admin123” and password is “sesame” under Windows, enter the following command:
slots.bat -u admin123 -p sesame -o slotinventory.csv
Under Solaris, enter the following command:
slots.sh -u admin123 -p sesame -o slotinventory.csv
This will not prompt for a password, and will output the results to the specified file.
• To export device information to the console, after prompting for a password under Windows, enter
the following command:
inv.bat
Under Solaris, enter the following command:
inv.sh
This command will login with the default user name (admin), will prompt for the password, and
will output the results to the console.
• To export device information to the console, using the default login and default password under
Windows, enter the following command:
inv.bat -d -o output.csv
Under Solaris, enter the following command:
inv.sh -d -o output.csv
This command will login using the default user name (admin) and the default password, and will
output the results to the file output.csv in the user\scripts\bin directory.
• To export device information from the EPICenter databases on the multiple servers under Windows,
edit the servers.txt file in the user\scripts\config directory, then enter the following command:
msinv.bat -d -o devices.csv -s serverlist2.txt
Under Solaris, edit the servers.txt file in the user/scripts/config directory, then enter the
following command:
msinv.sh -d -o devices.csv -s serverlist2.txt
This command logs in to each of the EPICenter servers specified in the file serverlist2.txt, using
the default login and password, and output the device information from these servers to the file
devices.csv. The devices.scv file is created in the user\scripts\bin directory.
EPICenter Software Installation and User Guide
475
EPICenter Utilities
The SNMPCLI Utility
The SNMPCLI utility provides three basic SNMP query capabilities, that can be used to access the
values of MIB objects kept by the SNMP agents of the devices you are managing. Accessing these
variable may be helpful in diagnosing problems with a device or its configuration, if its behavior as
seen through the EPICenter software is not as expected.
Use of this utility assumes you are familiar with SNMP MIBs, and can determine the OID the variable
you want to retrieve, as well as the meaning of the results that are returned.
NOTE
The SNMPCLI utility uses SNMP version 1.
Using the SNMPCLI Utility
The three scripts are located in the EPICenter user\scripts\bin directory under the EPICenter install
directory (by default \epc4_1 under Windows, or /opt/extreme/epc4_1 under Solaris). You must have
the user\scripts\bin directory as your current directory in order to run these scripts.
The SNMPCLI utility supports the following three commands:
• snmpcli snmpget <options> returns the value of a specified OID.
For example, to get the value of the object (the variable extremePrimaryPowerOperational in the
Extreme Networks MIB) whose OID is .1.3.6.1.4.1.1916.1.1.1.10.0 on the device at 10.205.0.99,
enter the following command:
snmpcli snmpget -a 10.205.0.99 -o .1.3.6.1.4.1.1916.1.1.1.10.0
• snmpcli snmpnext <options> returns the value of the next OID (subsequent to the OID you
specify) in the MIB tree.
For example, you can use this command to get the value of the object whose OID is
.1.3.6.1.4.1.1916.1.1.1.10.0 on the device at 10.205.0.99, by entering the following command:
snmpcli snmpnext -a 10.205.0.99 -o .1.3.6.1.4.1.1916.1.1.1.10
• snmpcli snmpwalk <options> returns the value of the entries in a table.
For example, to get the value of the entries in the extremeFanStatusTable, which is OID
.1.3.6.1.4.1.1916.1.1.1.9 on the device at 10.205.0.99, enter the following command:
snmpcli snmpget -a 10.205.0.99 -o .1.3.6.1.4.1.1916.1.1.1.9
Table 15 specifies the options you can use with these commands:
Table 15: SnmpCli command options
Option
Value
Default
-a
Device IP address. This option can be specified more than once. This option is
required.
None
-i
Number of indices to use when walking a MIB table (1 or 2).
1
-o
Object Identifier (OID) of the MIB object whose value you want to retrieve, or that
is the starting point for the values you want. This option is required.
None
476
EPICenter Software Installation and User Guide
Port Configuration Utility
Table 15: SnmpCli command options (continued)
Option
Value
Default
-r
Read community string
public
-t
Timeout value for SNMP request, in milliseconds.
500 ms
SNMPCLI Examples
The following examples illustrate the usage of these commands.
• To retrieve the values of the extremePrimaryPowerOperational and
extremeRedundantPowerStatus variables for the Extreme Networks device with IP address 10.205.0
99, with read community string “purple” and a timeout of 1000 ms, enter the following command:
snmpcli snmpget -a 10.205.0.99 -r purple -t 1000 -o .1.3.6.1.4.1.1916.1.1.1.10.0
-o .1.3.6.1.4.1.1916.1.1.1.11.0
This returns the following:
IP Address: 10.205.0.99
Read community string: purple
Timeout(ms): 1000
OUTPUT:
OID: .1.3.6.1.4.1.1916.1.1.1.10.0 ;
OID: .1.3.6.1.4.1.1916.1.1.1.11.0 ;
VALUE: 1
VALUE: 1
• To retrieve the values from the extremeFanStatusTable variables for the Extreme Networks device
with IP address 10.205.0.99, with the default read community string (public) and a default timeout,
enter the following command:
snmpcli snmpwalk -a 10.205.0.99 -o .1.3.6.1.4.1.1916.1.1.1.9
This returns the following:
IP Address: 10.205.0.99
Read community string: public
Timeout(ms): 500
OUTPUT:
OID: .1.3.6.1.4.1.1916.1.1.1.9.1.1.1
OID: .1.3.6.1.4.1.1916.1.1.1.9.1.1.2
OID: .1.3.6.1.4.1.1916.1.1.1.9.1.1.3
OID: .1.3.6.1.4.1.1916.1.1.1.9.1.2.1
OID: .1.3.6.1.4.1.1916.1.1.1.9.1.2.2
OID: .1.3.6.1.4.1.1916.1.1.1.9.1.2.3
;
;
;
;
;
;
VALUE:
VALUE:
VALUE:
VALUE:
VALUE:
VALUE:
1
2
3
2
2
2
Port Configuration Utility
The Port Configuration utility is a stand-alone utility that runs on the Windows 2000, or Windows XP
platform.
The EPICenter Port Configuration utility provides a way for an EPICenter administrator to change some
of EPICenter’s logical TCP/IP port numbers, in the event that there are conflicts between these port
numbers and those used by other software products running on the same system. Because these port
conflicts may prevent EPICenter from running, the port configuration capability needs to be accessible
outside of EPICenter. The Port Configuration application runs on the same system as the EPICenter
Database Server and Web Server.
EPICenter Software Installation and User Guide
477
EPICenter Utilities
You can run the utility from the Programs menu. You do not need to shut down the EPICenter services
(Web Server or database) in order to change the port configurations. However, the new configurations
will not take effect until you restart the affected server(s).
To run the Port Configuration utility, do the following:
1 Run the program from the Windows Start menu:
Select Programs, then Extreme Networks, followed by EPICenter 4.1, then Port Configuration.
The EPICenter Port Configuration window appears, as shown in Figure 229.
Figure 229: EPICenter Port Configuration Utility
2 Type in new port values for the ports you want to change.
You can use the standard Windows Cut, Copy, and Paste functions from the Edit menu, or use the
keyboard shortcuts ([Ctrl]+X, [Ctrl]+C, and [Ctrl]+V) to move values among the fields.
The Apply button is enabled when there is text in some edit field.
3 Click Apply to record the settings you have entered.
Click the Reset button for a specific port to reset that port to its default value. The Reset button for a
field is enabled when the corresponding values in the “Current port value” field is something other
than the default.
Click Done when you have finished making and applying changes. Any new text in the edit fields,
that has not been applied, is discarded.
The utility checks to see if it can open the requested new port number(s). If the new port number is
in use, the utility reports this fact and asks if you want to keep the new value anyway.
4 To have the new port settings take effect, restart the server(s) whose ports you have changed.
Changes do not take effect until the corresponding service is stopped and restarted.
However, after applying the new values, the entries under “Current port value” are updated. This
information can be misleading if you have not yet restarted the corresponding services. In particular,
if you dismiss and re-run the Port Configuration utility before you restart the affected services, the
“Current port value” fields will reflect the changed values which are not yet in effect.
If the servers are running as system services, you can restart your system, or stop and restart the
servers using the Services utility from the Windows Control Panel.
If the EPICenter servers are not running as NT system services, you must manually stop and restart
the servers.
478
EPICenter Software Installation and User Guide
The AlarmMgr Utility
The AlarmMgr Utility
The Alarm Manager utility (AlarmMgr) enables you to access EPICenter alarm information and output
the results to a command window or to a file. This command provides a command-line version of part
of the functionality available in the EPICenter Alarm Manager applet.
Using the AlarmMgr Command
The AlarmMgr utility is located in the EPICenter bin directory, <EPICenter_install_dir>/bin. By
default this is epc4_1\bin in Windows, or /opt/extreme/epc4_1/bin in a UNIX environment.
This command includes options for specifying EPICenter server access information and alarm filtering
parameters.
The syntax of the command is as follows:
AlarmMgr -user <EPICenter username> <options>
The EPICenter user name is required. All other parameters are optional.
The basic command displays information about the last 300 alarms in the EPICenter database. By using
filtering options, you can display information about selected alarms. You can specify a time period of
interest as well as characteristics of the alarms you want to include.
You can select alarms based on criteria such as the alarm name, severity, category, source (the IP address
or IP address and port that generated the alarm) and whether the alarm has been acknowledged. You
can combine many of these criteria so that only alarms that meet all your criteria will be included in the
results. For example, you may want to display only critical alarms from a specific device, or all alarms
in a specific category that are not acknowledged.
Table 16 specifies the options you can use with this command:
Table 16: AlarmMgr command options
Option
Value
Default
-user <username>
EPICenter user name. This option is required.
None
-password <password>
EPICenter user password. If the password is blank, do not include
this argument.
No
password
-host <hostname | IP
address>
EPICenter server hostname or IP address
localhost
-port <port>
EPICenter server port number
80
-h <N>
Display alarms that occurred within the last N
hours
-d <N>
Display alarms that occurred N days ago
-y
Display alarms that occurred yesterday
EPICenter Software Installation and User Guide
These options are
mutually exclusive
and may not be
combined
Last 300
alarms
479
EPICenter Utilities
Table 16: AlarmMgr command options (continued)
Option
Value
Default
-c <category>
Display alarms that occur for a specific
category. Category specification is case
insensitive. Must be quoted if category name
includes spaces or other delimiters.
-s <severity>
Display alarms that occur for a specific
severity. Severity specification is case
insensitive.
-dip <IP address>
Display alarms that occur for a specific device
as specified by IP address.
-p <port>
Display alarms that occur for a specific port on
the device specified with the -dip option.
All ports
-an <alarm name>
Display alarms that occur for a specific alarm.
Alarm name specification is case insensitive.
Must be quoted if alarm name includes spaces
or other delimiters.
All
alarms
-a
Display all acknowledged alarms.
All
alarms
-u
Display all unacknowledged alarms.
-f <file specification>
Name of file to receive output. If you do not specify a path, the file is
placed in the current directory. If the file already exists, it is
overwritten.
Comman
d window
(stdout).
-help
Displays syntax for this command
None
When these
options are
combined, an
alarm must meet
all criteria to be
included in the
results.
Each of these
options may be
specified only
once.
All
categorie
s
All
severity
levels
All
devices
• You can specify only one EPICenter server (database) in a command. If you want to display alarms
from multiple EPICenter databases, you must use a separate command for each server.
• The options for specifying the relevant time period (-h, -d, and -y) are mutually exclusive and
cannot be combined.
• You can specify filter options such as an alarm name or device (IP address) only once per command.
If you want to display information for a several values of a filter option, such as several alarm
names, devices, severity levels, etc., you must execute an AlarmMgr command for each value of the
filter option. For example, to display alarms for two different devices, you must execute two
AlarmMgr commands.
• If you specify multiple filter options, they are combined in the manner of a logical AND. This means
that an alarm entry must meet all the specified criteria to be included in the command results.
• The options for specifying the relevant time period are mutually exclusive and cannot be combined.
• You should not combine the -a and -u options (for acknowledged and unacknowledged alarms).
This combination indicates you want to display alarms that are both acknowledged and
unacknowledged. However, there are no alarms that meet this criteria since an alarm cannot be both.
To display both alarms that are acknowledged and alarms that are unacknowledged, do not specify
either option.
480
EPICenter Software Installation and User Guide
The FindAddr Utility
AlarmMgr Output
The output from the AlarmMgr command is displayed as tab-delimited ascii text, one line per alarm.
Each line contains the following information:
• ID: Event ID of the alarm (assigned by the EPICenter server when the alarm is received)
• Name: Name of the alarm
• Category: Category that the alarm is classified under
• Severity: Severity level of the alarm
• Source: IP address of the device that generated the alarm
• Time: time the alarm occurred, reported as Greenwich Mean Time
• Message: Message associated with the alarm
• Acked: Whether the alarm has been acknowledged (true or false)
AlarmMgr Examples
The following examples illustrate the usage of these commands.
• To display the last 300 alarm log entries in the EPICenter database running on the local server, as
user admin with the default password, enter the following command:
AlarmMgr -user admin
• To display the last 300 alarm log entries in the EPICenter database running on server snoopy on port
81, with EPICenter login “master” and password “king,” enter the following command:
AlarmMgr -host snoopy -port 81 -user master -password king
• To display all alarm log entries for the alarm named FanFailed in the local EPICenter database that
occurred yesterday and are unacknowledged, enter the following command:
AlarmMgr -user admin -y -u -an “Fan Failed”
• To find all alarm log entries that were generated from port 12 on device 10.2.3.4, and place the
results in the file device1.txt enter the following command:
AlarmMgr -user admin -dip 10.2.3.4 -p 12 -f device1.txt
The FindAddr Utility
Using the Find Address command (FindAddr) you can specify a Media Access Control (MAC) or
Internet Protocol (IP) network address, and a set of network devices (or ports on a device) to query for
those addresses. The command returns a list of the devices and ports associated with those addresses,
and output the results to the command window or to a file.
This command provides a command-line version of the functionality available in the EPICenter
IP/MAC Address Finder applet.
EPICenter Software Installation and User Guide
481
EPICenter Utilities
Using the FindAddr Command
The FindAddr utility is located in the EPICenter bin directory, <EPICenter_install_dir>/bin. By
default this is epc4_1\bin in Windows, or /opt/extreme/epc4_1/bin in a UNIX environment.
This command includes options for specifying EPICenter server access information, the address to be
located, and a search domain (an individual device and ports, or a device or port group).
The syntax of the command is as follows:
FindAddr -user <EPICenter username> <address options> <search domain options> <other
options>
The EPICenter user name is required. You must also include at least one search address specification,
and a search domain specification.
The FindAddr command returns a list of MAC and IP addresses and the devices and ports associated
with those addresses.
Table 17 specifies the options you can use with this command:
Table 17: FindAddr command options
Option
Value
Default
-user <username>
EPICenter user name. This option is required.
None
-password <password>
EPICenter user password. If the password is blank, do not include
this argument.
No
password
-host <hostname | IP
address>
EPICenter server hostname or IP address.
localhost
-port <port>
EPICenter server port number.
80
Do not specify this after the -dip option or it will be taken as a search
domain specification.
-f <file specification>
Name of file to receive output. If you do not specify a path, the file is
placed in the current directory. If the file already exists, it is
overwritten.
Comman
d window
(stdout)
-help
Displays syntax for this command.
None
Search address options:
-all
Display all addresses located in the search
domain.
-mac <mac_address>
Locate the specified MAC address. The
address must be specified as six two-digit
hexadecimal values separated by colons
(xx:xx:xx:xx:xx:xx). You can specify a wildcard
address by specifying asterisks instead of the
last three values (for example, 21:14:18:*:*:*).
At least one of
these options is
required.
None
The -mac and -ip
options may be
combined.
This option may be repeated.
-ip <IP address>
Locate the specified IP address.
This option may be repeated.
482
EPICenter Software Installation and User Guide
The FindAddr Utility
Table 17: FindAddr command options (continued)
Option
Value
Default
Search domain options:
-dg <device group>
Defines the search domain to include the
specified device group.
At least one of
-dip, -dg, or -pg
must be provided.
-pg <port group>
Defines the search domain to include the
specified port group.
-dip <IP address>
Defines the search domain to include the
device specified by the IP address.
-port <port>
Defines the search domain to include one or more ports on the
device specified by the -dip option. Multiple ports can be specified
separated by commas. Slot and port are specified as slot:port. For
example, 1:2,2:3
None
These options
may be repeated
and combined.
All ports
on the
device
Important: If used, this option must immediately follow the -dip
option to which it applies.
• You can specify only one EPICenter server (database) in a command. If you want to search devices
from the inventory databases of multiple EPICenter servers, you must use a separate command for
each server.
• You can specify multiple IP and MAC addresses as search items by repeating the -ip or -mac
options.
— For MAC addresses, you can specify a wildcard for the last three values in the address (such as
10:11:12:*:*:*).
— Wildcards are not supported for IP addresses. To search for multiple IP addresses, you can use
the -all option, or include multiple -ip options.
— You can specify both an IP address and a MAC address as search addresses in one command.
• You can specify each search domain option multiple times.
— Wildcards are not supported for device IP addresses. To include multiple devices in the search
domain, you can specify a device group that contains the devices, or specify multiple -dip
options.
— To restrict the search domain to one or more ports on a device, specify the -port option
immediately after the -dip option. If you place it anywhere else in the command, it will be taken as
the server port specification.
— You can specify individual devices, device groups, and port groups in a single command.
FindAddr Output
The output from the FindAddr command is displayed as tab-delimited text, one line per address. Each
line contains the following information:
• Both the MAC address and the corresponding IP address.
• The switch and port to which the address is connected.
• The user (name) currently logged in at that address, if applicable.
The output also tells you the total number of addresses found, and lists any switches in the search
domain that were unreachable.
EPICenter Software Installation and User Guide
483
EPICenter Utilities
FindAddr Examples
The following examples illustrate the usage of these commands.
• To display all addresses that can be accessed through devices in the Default device group, from the
local EPICenter database (with default user, password and port), enter the following command:
FindAddr -user admin -all -dg Default
• To display all addresses that can be accessed through device 10.20.30.40, ports 5,6,7,8, in the
EPICenter database running on server snoopy on port 81, with EPICenter login “master” and
password “king,” enter the following command:
FindAddr -host snoopy -port 81 -user master -password king -dip 10.20.30.40 -port
5,6,7,8 -all
Note that the second -port option immediately follows the -dip option. It must be placed in this
position to specify ports as the search domain.
• To search for MAC addresses beginning with 00-01-03, and write the results to the file “info.txt,”
with the Default device group as the search domain, enter the following command:
FindAddr -user admin -mac 00:01:03:*:*:* -dg Default -f info.txt
If the file does not already exist, it will be created, by default in the EPICenter bin directory.
The TransferMgr Utility
The Transfer Manager utility (TransferMgr) allows you to upload configuration information from a
device to a file, and to download configuration information and ExtremeWare software images to
Extreme devices.
This command provides a command-line version of some of the functionality available in the EPICenter
Configuration Manager applet.
Using the TransferMgr Command
The TransferMgr utility is located in the EPICenter bin directory, <EPICenter_install_dir>/bin. By
default this is epc4_1\bin in Windows, or /opt/extreme/epc4_1/bin in a UNIX environment.
This command includes options for specifying EPICenter server access information, the transfer
function to be performed (upload, download, incremental download, or ExtremeWare image
download), the device on which to perform the operation on, and the file location on the server.
The syntax of the command is as follows:
TransferMgr -user <EPICenter username> -upload -dip <device address> <upload
location options>
TransferMgr -user <EPICenter username> -download <filename>
-dip <device address>
TransferMgr -user <EPICenter username> -incremental <filename>
-dip <device address>
TransferMgr -user <EPICenter username> -software <filename>
-dip <device address> {primary | secondary}
484
EPICenter Software Installation and User Guide
The TransferMgr Utility
The EPICenter user name, one of the four transfer options, and a device IP address are required. Other
options are optional.
Table 18 specifies the options you can use with this command:
Table 18: TransferMgr command options
Option
Value
Default
-user <username>
EPICenter user name. This option is required.
None
-password <password>
EPICenter user password. If the password is blank, do not
include this argument.
No password
-host <hostname | IP
address>
EPICenter server hostname or IP address
localhost
-port <port>
EPICenter server port number
80
-help
Displays syntax for this command
None
-upload
Upload configuration from the device specified with the -dip
option.
None
-dip <IP address>
IP address of device from which configuration should be
uploaded. This option is required, and may be repeated.
None
-ft <string>
Text string to be appended to device IP address to create a
file name (in the format xx_xx_xx_xx.string).
<ipaddress>.txt
-fl <directory>
Directory or path below the configs directory where the
upload file should be placed. <tftp_root> is the location of
your TFTP server. By default, <tftp_root> is
<EPICenter_install_dir>\user\tftp.
<tftp_root>\config
s
-a
Place upload file into the archive directory
(<tftp_root>\configs\<year>\<month>\<day>\
<ipaddress>_<time>.txt
<tftp_root>\config
s\<ipaddress>.txt
Upload configuration:
(xx_xx_xx_xx.txt)
This option may not be combined with the -fl and -ft options.
Download configuration:
-download <filename | path
and filename>
Download configuration from the specified file to the device
specified with the -dip option. The specified file must be
located in or below the <tftp_root>\configs directory. By
default, <tftp_root> is <EPICenter_install_dir>\user\tftp.
None
-dip <IP address>
IP address of device to which configuration should be
downloaded. This option is required. It may not be repeated.
None
Download Incremental configuration:
-incremental <filename>
Download an incremental configuration from the specified file
to the device specified with the -dip option. The specified file
must be located in the <tftp_root>\baselines directory. By
default, <tftp_root> is <EPICenter_install_dir>\user\tftp.
None
-dip <IP address>
IP address of device to which configuration should be
downloaded. This option is required. It may not be repeated.
None
EPICenter Software Installation and User Guide
485
EPICenter Utilities
Table 18: TransferMgr command options (continued)
Option
Value
Default
Download ExtremeWare software image:
-software <filename | path
and filename>
Download a software image from the specified file to the
device specified with the -dip option. The specified file must
be located in the <tftp_root>\images directory. By default,
<tftp_root> is <EPICenter_install_dir>\user\tftp.
None
Important: Make sure the software version is compatible
with the switch to which you are downloading.
-dip <IP address>
IP address of device to which the image should be
downloaded. This option is required. It may not be repeated.
None
-primary
Download to the primary image location.
Current location
-secondary
Download to the secondary image location.
• You can specify only one EPICenter server (database) in a command. If you want to upload or
download to or from devices managed by multiple EPICenter servers, you must use a separate
command for each server.
• Configuration and image files are all stored in subdirectories of the EPICenter TFTP root directory,
which is by default <EPICenter_install_dir>\user\tftp. You can change the location of the TFTP
root directory by using the Server function of the EPICenter Configuration Manager applet.
• Standard ExtremeWare software images as shipped by Extreme Networks are provided in the
directory <EPICenter_install_dir>\user\tftp\images directory (by default
epc4_1\user\tftp\images in the Windows operating environment, or
/opt/extreme/epc4_1/user/tftp/images on a Solaris system).
NOTE
Make sure the software version you download is compatible with the switch. If you download an
incompatible version, the switch may not function properly.
• For uploading, you can specify multiple devices in one command. For the download options
(-download, -incremental, and -software) you can specify only one device per command. If you
want to download to multiple devices, you must execute multiple TransferMgr commands.
TransferMgr Examples
The following examples illustrate the usage of these commands.
• To upload configuration information from device 10.20.30.40, enter the following command:
TransferMgr -user admin -upload -dip 10.20.30.40
This will place the device configuration information in the file 10_20_30_40.txt in the configs
directory under the TFTP root directory (by default epc4_1/user/tftp/configs).
• To upload and archive configuration information from device 10.20.30.40 managed by the EPICenter
server running on host snoopy on port 81, with EPICenter login “master” and password “king,”
enter the following command:
TransferMgr -host snoopy -port 81 -user master -password king -upload -a -dip
10.20.30.40
486
EPICenter Software Installation and User Guide
The VlanMgr Utility
Assuming the default location for the TFTP root directory, and assuming that this command was
executed on July 24, 2001 at 10:02 AM, this will place the device configuration information in the file
epc4_1\user\tftp\configs\2001\07\24\10_20_30_40_1002.txt.
• To download version 6.1.8 b11 of the ExtremeWare to an i-series device, enter the following
command:
TransferMgr -user admin -software v618b11.xtr -dip 10.20.30.40
The VlanMgr Utility
The VLAN Manager utility (VlanMgr) allows you to create and delete VLANs. These commands
configure the VLANs on the specified switches as well as adding the VLAN information to the
EPICenter database.
Using the VlanMgr Command
The VlanMgr utility is located in the EPICenter bin directory, <EPICenter_install_dir>/bin. By
default this is epc4_1\bin in Windows, or /opt/extreme/epc4_1/bin in a UNIX environment.
This command includes options for specifying EPICenter server access information, the operation to be
performed (create, modify or delete), the name of the VLAN, and the devices in the VLAN with their
configuration options.
The syntax of the command is as follows:
VlanMgr -user <EPICenter username> -create <VLAN name> -dip
<IP address> <other options> {-dip <IP address> <other options>} ...
VlanMgr -user <EPICenter username> -modify <VLAN name> -dip
<IP address> <other options> {-dip <IP address> <other options>} ...
VlanMgr -user <EPICenter username> -delete <VLAN name>
The EPICenter user name and one of the main options (-create, -modify, or -delete) are required.
The -dip option is required for a create or modify command. Other options are optional.
Table 19 specifies the options you can use with this command:
Table 19: VlanMgr command options
Option
Value
Default
-user <username>
EPICenter user name. This option is required.
None
-password <password>
EPICenter user password. If the password is blank, do not include
this argument.
No
password
-host <hostname | IP
address>
EPICenter server hostname or IP address
localhost
-port <port>
EPICenter server port number
80
-help
Displays syntax for this command
None
EPICenter Software Installation and User Guide
487
EPICenter Utilities
Table 19: VlanMgr command options (continued)
Option
Value
Default
-create <VLAN name>
Create a new VLAN of the specified name.
None
-dip <IP address>
IP address of device to add to VLAN. This option may be repeated.
None
-port <ports>
Ports to be added to VLAN as untagged ports
on the device specified by the preceding -dip
option.
No
untagged
ports
-tagport <ports>
Ports to be added to the VLAN as tagged ports
on the device specified by the preceding -dip
option.
Create a new VLAN:
These options
must immediately
follow the -dip
option to which
they apply.
Each option may
be specified once
per -dip option.
No tagged
ports
-ipf
Enable IP forwarding for this VLAN on the
specified device.
IP
forwarding
disabled
-ip <IP address>/<subnet
mask>
Set an IP address and submask for this VLAN
on the specified device. Format is
xx.xx.xx.xx/nn
No ip
address
-tag <number>
Set a tag value for the VLAN.
Untagged
-protocol <protocol
name>
Set protocol filter.
ANY
-modify <VLAN name>
Reset the configuration of the specified VLAN to the options
specified in this command.
None
-dip <IP address>
IP address of device to be included in the VLAN. This option may be
repeated.
None
-port <ports>
Ports to be included in the VLAN as untagged
ports on the device specified by the preceding
-dip option. If this option is not included, any
untagged ports configured on this device will
be removed from the VLAN.
These options
must immediately
follow the -dip
option to which
they apply.
No
untagged
ports
-tagport <ports>
Ports to be included in the VLAN as tagged
ports on the device specified by the preceding
-dip option. If this option is not included, any
tagged ports configured on this device will be
removed from the VLAN.
Each option may
be specified once
per -dip option.
No tagged
ports
-ipf
Enable IP forwarding for this VLAN on the
specified device. If this option is not included,
IP forwarding will be disabled on this device.
IP
forwarding
disabled
-ip <IP address>/<subnet
mask>
Set an IP address and submask for this VLAN
on the specified device. Format is
xx.xx.xx.xx/nn. If this option is not included, the
VLAN will be reconfigured without a VLAN IP
address.
No IP
address
-tag <number>
Set a tag value for the VLAN. This can be a value between 2 and
4095. If this option is not included, the VLAN will be reset to an
untagged VLAN.
Untagged
Modify VLAN configuration:
488
EPICenter Software Installation and User Guide
The VlanMgr Utility
Table 19: VlanMgr command options (continued)
Option
Value
Default
-protocol <protocol
name>
Set protocol filter. If this option is not included, the protocol will be
reset to ANY.
ANY
Delete the specified VLAN from all switches on which it is
configured.
None
Delete VLAN:
-delete <VLAN name>
• You can specify only one EPICenter server (database) in a command. If you want to create, modify
or delete VLANs for devices managed by multiple EPICenter servers, you must use a separate
command for each server.
• To create a VLAN on multiple switches, use multiple -dip options in a single command.
• The -modify option effectively recreates a VLAN with only the options specified in the command.
Any options not specified are reset to their defaults, and only devices specified with a -dip option in
the modify command will be included in the VLAN.
WARNING!
Only the devices that are explicitly included in a VlanMgr modify command will be included in the
modified VLAN. Any devices in the original VLAN that are not specified in the modify command will
be removed from the VLAN as a result of the modify command. Any options that are not explicitly
specified will be reset to their defaults.
For example, suppose you have untagged VLAN Test1 that includes ports 2, 3,and 4 on device
10.20.30.40. To add ports 1 and 2 on device 10.20.30.50 to the VLAN, you can use the -modify
command, but the command must specify both -dip 10.20.30.50 -port 1,2 and -dip
10.20.30.40 -port 2,3,4. If you do not include device 10.20.30.40 in the command, that device
and its ports will be removed from the VLAN.
VlanMgr Output
The VlanMgr command displays output indicating the progress of the command as it configures the
VLAN.
VlanMgr Examples
The following examples illustrate the usage of these commands.
• To create untagged VLAN test1 consisting of untagged ports 2-5, on the switch with IP address
10.20.30.01, and add it to the EPICenter database running the local server with the default
administrator name and password, enter the following command:
VlanMgr -user admin -create test1 -dip 10.20.30.01 -port 2,3,4,5
This VLAN will be created with no 802.1Q tag, protocol ANY, no IP address assigned, and IP
forwarding disabled.
• To create a tagged VLAN test2 with tag 53, protocol IP, on two switches with tagged ports, IP
forwarding enabled, and an IP address for the VLAN on each switch, enter the following command:
VlanMgr -user admin -create test2 -dip 10.201.20.35 -tagport 10,11 -ipf -ip
10.201.20.100/24 -dip 10.201.20.36 -tagport 11,12,13,14,15 -ipf -ip 10.201.20.102/24
-tag 53 -protocol ip
EPICenter Software Installation and User Guide
489
EPICenter Utilities
This creates the VLAN on switch 10.205.0.35 with member ports 10 and 11, VLAN IP address
10.201.20.100 and VLAN mask 255.255.255.0, and on switch 10.205.0.36 with member ports 11, 12, 13,
14 and 15, VLAN IP address 10.201.20.102 and mask 255.255.255.0.
• To add port 12 on switch 10.201.20.35 to VLAN test2, leaving the configuration otherwise
unchanged, enter the following command:
VlanMgr -user admin -modify test2 -dip 10.201.20.35 -tagport 10,11,12 -ipf -ip
10.201.20.100/24 -dip 10.201.20.36 -tagport 11,12,13,14,15 -ipf -ip 10.201.20.102/24
-tag 53 -protocol ip
Note that this includes all the specifications of the original create command, with the addition of
port 12 to the first -tagport option. This is necessary to preserve the VLAN configuration.
Specifying only the changes you want to make will not have the desired results. The command
VlanMgr -user admin -modify test2 -dip 10.201.20.35 -tagport 12 will result in an error
because no VLAN tag is specified, and it is illegal to add a tagged port to an untagged VLAN.
The command VlanMgr -user admin -modify test2 -dip 10.201.20.35 -tagport 12 -tag
53 (adding just the tag specification) will successfully add port 9 to the VLAN as a tagged port, but
will remove all the other ports on that switch, change the protocol to ANY, disable IP forwarding,
and will remove switch 10.205.0.36 from the VLAN.
• To remove ports 14 and 15 on switch 10.201.20.36 from VLAN test2, enter the following command:
VlanMgr -user admin -modify test2 -dip 10.201.20.35 -tagport 10,11 -ipf -ip
10.201.20.100/24 -dip 10.201.20.36 -tagport 11,12,13 -ipf -ip 10.201.20.102/24 -tag
53 -protocol ip
• To remove switch 10.201.20.36 from VLAN test2, enter the following command:
VlanMgr -user admin -modify test2 -dip 10.201.20.35 -tagport 10,11 -ipf -ip
10.201.20.100/24 -tag 53 -protocol ip
This command recreates the VLAN only on switch 10.201.20.35.
The ImportResources Utility
The ImportResources utility allows you to import user and host resource definitions, and groups
containing those resources, from a source external to the EPICenter system. You can import from an NT
Domain server, an NIS server, or an LDAP directory. You can also import host and user resource
definitions from a tab-delimited text file.
This utility performs the same function as the Import feature in the Grouping Manager. See “Importing
Resources” in Chapter 8 for details on this feature.
Using the ImportResources Command
The ImportResources utility is located in the EPICenter bin directory, <EPICenter_install_dir>/bin.
By default this is epc4_1\bin in Windows, or /opt/extreme/epc4_1/bin in a UNIX environment.
This command includes options for specifying EPICenter server access information, the operation to be
performed (create, modify or delete), the name of the VLAN, and the devices in the VLAN with their
configuration options.
Importing from a File. To import data from a text file, you define the resources you want to import in
a tab-delimited text file. See “Importing from a File” in Chapter 8 for details.
490
EPICenter Software Installation and User Guide
The ImportResources Utility
Importing from an LDAP Directory. Importing from an LDAP directory uses an import specification
file that defines the following:
• The information you want to extract from the directory.
• How to map that data to groups, resources, and attributes in the EPICenter Grouping module.
The specification file must be named LDAPConfig.txt, and must reside in the EPICenter user/import
directory. See “Importing from an LDAP Directory” in Chapter 8 for details.
Importing from an NT Domain Controller or NIS Server. Importing from an NT Domain Controller
or NIS server is always done from the Domain Controller or NIS server that is serving the domain for
the system running the EPICenter server. The type of system you are running will determine where the
EPICenter server looks for the information. See “Importing from an NT Domain Controller or NIS
Server” in Chapter 8 for details.
The syntax of the ImportResources command is as follows:
ImportResources -user <EPICenter username> -s <source name>
[-f <file name>| -ldap | -domain ]
The EPICenter user name and one of the import type options (-f, -ldap, or -domain) are required.
Table 20 specifies the options you can use with this command:
Table 20: ImportResources command options
Option
Value
Default
-user <username>
EPICenter user name. This option is required.
None
-password <password>
EPICenter user password. If the password is blank, do not
include this argument.
No password
-host <hostname | IP address>
EPICenter server hostname or IP address
localhost
-port <port>
EPICenter server port number
80
-help
Displays syntax for this command
None
-s <Source name>
A name that will identify the source of the imported
resources. This name is used to create a group under
which all the resources imported in this operation are
placed.
None
-f <file name>
The name of a tab-delimited text file that contains the data
to be imported. See “Importing from a File” in Chapter 8 for
details.
None
-ldap
Specifies that the information to be imported is from an
LDAP directory. Requires a specification file named
LDAPConfig.txt, that resides in the EPICenter user/import
directory. See “Importing from an LDAP Directory” in
Chapter 8 for details.
None
-domain
Specifies that the information to be imported is from an NT
Domain Controller server or a Solaris NIS server. See
“Importing from an NT Domain Controller or NIS Server” in
Chapter 8 for details.
None
EPICenter Software Installation and User Guide
491
EPICenter Utilities
ImportResources Examples
The following examples illustrate the usage of these commands.
• To import resources from a tab-delimited file named importdata.txt into a source group named
ImportedUsers in the EPICenter database running the local server with the default administrator
name and password, enter the following command:
ImportResources -user admin -s ImportedUsers -f importdata.txt
• To import resources from an LDAP directory from a LDAP server into a source group named
CorpUsers in the EPICenter database running on host snoopy on port 81, with EPICenter login
“master” and password “king,” enter the following command:
ImportResources -host snoopy -port 81 -user master -password king
-s CorpUsers -ldap
This requires a configuration file named LDAPConfig.txt to be present in the EPICenter
user/import directory.
• To import resources from an NT Domain server into a source group named NewUsers in the
EPICenter database running the local server with the default administrator name and password,
enter the following command:
ImportResources -user admin -s NewUsers -domain
This imports user data from the NT domain controller that is serving the domain where the
EPICenter server resides.
492
EPICenter Software Installation and User Guide
C EPICenter External Access Protocol
This appendix describes:
• The EPICenter external access protocol structure and commands
• The client Tcl API, a higher-level API based on the External Access Protocol
External Access Protocol Overview
The EPICenter external access protocol enables you to access data from the EPICenter data for use
within other applications. It also lets you enable and disable EPICenter policies, and configure those
policies on Extreme devices.
External Access Protocol Structure
The external access protocol consists of three layers: transport, encoding, and command protocols. This
section briefly describes each layer.
Transport Layer
The EPICenter External Access is provided through a TCP connection. The external application must
first establish a persistent TCP connection with the EPICenter server. The EPICenter server listens on a
TCP port on the server machine for incoming connections. The EPICenter server picks a dynamic port
number that is not in use on the server machine during startup. This port number can be discovered by
the external application by sending an HTTP request to:
http://<EPICenter_host>:<EPICenter_web_port>/everest/getport
EPICenter_host is the IP number or host name of the machine on which the EPICenter server is
running. EPICenter_web_port is the port number for the EPICenter Web server. The result of this URL
is a number. This number is the port number on which the EPICenter server is listening for external
applications to establish the connection. If the external application receives an error while accessing the
above URL, then the EPICenter server is not running or the server is not listening for external
connections.
EPICenter Software Installation and User Guide
493
EPICenter External Access Protocol
Encoding Layer
The encoding of all data transmitted through the transport layer uses a set of HTML/XML-like
encoding rules. All data are transmitted as values enclosed in tags. For example:
<TAG1>value1</TAG1>
The first tag is the begin tag. Following the begin tag, a value is supplied, which can be empty. It is
followed by the end tag. The rules for the tags are:
• A tag is enclosed in < and >.
• Tag content is case insensitive.
• A tag is a begin tag if its first word does not start with /.
• A tag is an end tag if the first word starts with /.
• A begin tag must be matched with an end tag.
• A begin tag end tag pair can be enclosed within another pair of begin and end tags.
The tags recognized by the EPICenter server are the following:
• <COMMAND></COMMAND> encloses an EPICenter server command.
• <PARAM></PARAM> encloses an EPICenter server command parameter.
• <H2></H2> encloses a message returned by the EPICenter server.
• <TABLE></TABLE> encloses a table returned by the EPICenter server.
• <TR></TR> are used in a table response from the EPICenter server.
• <TD></TD> are used in a table response from the EPICenter server.
Data values appear between a begin tag and an end tag. Data values are encoded using the following
rules:
• Only HTML-compatible 7-bit ASCII characters are used to represent application data values. All data
values are represented using 7-bit ASCII characters. There is no binary data representation.
• Characters with ASCII value 9, 10, 13, 33, 35–37, 39–59, 61, 63–126 are sent using their original ASCII
values. For example 'a' is sent as 'a', '\n' is represented as '\n'.
• All other ASCII characters and any two byte Unicode characters are sent using “&#vwxyz;”, where
vwxyz is the decimal value of the character. For example, '<' is sent using “&#60;” where 60 is the
decimal value of the ‘<’ character.
• All numeric values of integer, short, long, float, and double format are sent using their textual
decimal representation. For example, 123, 139.32, 23.3e-12.
• A byte is sent using its two digit hex representation in textual form. For example, the byte value
“210” is sent as “D2”.
• A character array or string is sent as a sequence of characters, each using the encoding rule outlined
in 2 and 3.
• A byte array is sent using a sequence of bytes. Each byte is sent using the encoding rule outlined in
5.
• There is no method for representing a null value.
• All characters are significant if appearing in the data value, including all newlines, carriage returns
and tabs.
494
EPICenter Software Installation and User Guide
External Access Protocol Structure
Command Protocol Layer
Using the transport mechanism and the encoding rules described above, the EPICenter server uses the
following command protocols. The external application may send a request to the server in the
following format. (Italic words are to be substituted by the external application. Other characters using
the regular font should be used as is.)
<COMMAND><PARAM>command name</PARAM><PARAM>argument 1</PARAM><PARAM>argument
2</PARAM>...<PARAM>argument n</PARAM></COMMAND>
The EPICenter servers always respond with a message or a table. A message is sent back to the external
application as:
<H2>#, message text</H2>
where # is a result status such as “ERROR” or “REQUEST COMPLETE”
A table is sent back to the external application as:
<TABLE>
<TR>
<TD>value
<TD>value
...
</TR>
<TR>
<TD>value
<TD>value
...
<TR>
...
<TR>
<TD>value
<TD>value
...
</TR>
</TABLE>
for column 1, row 1</TD>
for column 2, row 1</TD>
for column 1, row 2</TD>
for column 2, row 2</TD>
for column 1, row n</TD>
for column 2, row n</TD>
The EPICenter server responds to any requests sent by the external application using the above format.
The external application first establishes a TCP connection with the EPICenter server. Then the external
application must initiate a request by sending a command and any command arguments to the
EPICenter server. The EPICenter server responds by sending any results back to the external application
through the TCP connection.
A normal sequence of requests and responses is as follows:
1 The external application sends an HTTP request to the EPICenter server to get the port number, as
follows: http://<EPICenter_server>:<EPICenter_web_port>/everest/getport
2 The external application establishes a connection with the EPICenter server on the port number
retrieved from step 1.
3 The external application sends a “login” command request to the EPICenter server.
4 The EPICenter server verifies the login request and responds with a login success or failure. If the
login fails, the external application may try step 2 again. The external application has 60 seconds to
successfully login. After 60 seconds, the EPICenter server closes the TCP connection with the
external application if no successful login is established.
EPICenter Software Installation and User Guide
495
EPICenter External Access Protocol
5 The external application sends a “dbquery” command request and arguments to the EPICenter
server.
6 The EPICenter server sends a response back to the external application.
7 Step 4 through 5 may be repeated as many times as needed.
8 The external application sends a “logout” command request to the EPICenter server.
9 The EPICenter server closes the TCP connection with the external application.
The EPICenter server accepts a maximum of 5 simultaneous external connections. The next section
describes the set of commands understood by the EPICenter server.
EPICenter Server Commands
Login Command
The external application should send the following data to login:
<command><param>login</param><param>name</param><param>password</param></command>
name and password should be substituted by the external application.
If the login is successful, the server sends:
<H2>REQUEST COMPLETE, welcome to the EPICENTER server</H2>
If the login failed, the server sends:
<H2>ERROR, Invalid login, try again.</H2>
The external application should check the result code in the message to determine the success or failure
of the login. “REQUEST COMPLETE” is login successful, “ERROR” is login failed.
Dbquery Command
The external application may send the following to issue a dbquery command:
<command><param>dbquery</param><param>sql</param>[<param>variable
1</param>...]</command>
sql is a SQL SELECT statement that may contain ? characters for variable substitution. For each ? in the
SQL statement, there must be a corresponding <PARAM> variable </PARAM> where the variable will
be placed in the location of the ? character when the server process the SELECT statement. For example:
<command><param>dbquery</param><param>select * from Employee where name =
‘Bob’</param></command>
<command><param>dbquery</param><param>select * from Employee where name = ?
</param<PARAM>Bob</PARAM></command>
Both query command produces the same result. But the second form of the SQL query using the ?
substitution allows the external application to specify values without using any special quoting.
For example, given the following SQL query:
select * from Store where name = ‘Al’s Brewery’
496
EPICenter Software Installation and User Guide
External Access Protocol Structure
Note that the name must match “Al’s Brewery”, which has a ‘ (single quote) character in it. But the
standard SQL statement must quote its string inside a pair of single quote characters. As a result, the
external application must specify the above query using the following select statement:
select * from Store where name = ?
followed by “Al’s Brewery” as a separate parameter to be substituted for the ?.
The EPICenter server responds to the dbquery command with either an error message or a table of
results. If an error occurs while processing the query, the server sends back:
<H2>ERROR, error message text</H2>
If it is a table of results, the EPICenter server sends back a table of 2 or more rows. The first row
contains the column name of each column in the resulting table. The second row contains the column
type of each column in the resulting table. Rows 3 to n contains the actual row values in the table. For
example, if the external application sends the following:
<command><param>dbquery</param><param>select * from Employee</param></command>
The result may be:
<TABLE>
<TR>
<TD>name</TD>
<TD>age</TD>
</TR>
<TR>
<TD>varchar(10)</TD>
<TD>integer</TD>
</TR>
<TR>
<TD>Bob</TD>
<TD>31</TD>
</TR>
<TR>
<TD>Jane</TD>
<TD>27</TD>
</TR>
</TABLE>
When viewed as a table, the returned result looks as follows:
name
age
varchar(10)
integer
Bob
31
Jane
27
Policy Command
The policy command can be used by an external application to control the policy server. The external
application must be logged in to the EPICenter server with administrator or manager privilege (see
Login command). The policy command has the following syntax:
<command><param>policy</param><param>command</param>[<param>arg1</param>...]</command>
EPICenter Software Installation and User Guide
497
EPICenter External Access Protocol
command is one of the following:
enable
Enables one or more policies by name. The arguments to this command are one or more policy
names.
disable
Disables one or more policies by name. The arguments to this command are one or more
policy names.
configure
Configures all policies on a set of devices.
The external application can provide an optional set of arguments to specify the devices that
should be configured.
If no arguments are present, all policies are applied to all devices being managed.
If arguments are present, then each argument is assumed to be either the IP address of a
device or the name of a device or group object.
•
If the argument is an IP address, then policies on the device with that IP address are
configured.
•
If the argument is a name, then all devices with that name are configured, and devices
within groups with that name are configured.
The result from one of these commands is a single message from the server in the form of:
<H2>ERROR, error message text</H2>
or
<H2>REQUEST COMPLETE, server message text</H2>
Logout Command
The external application sends the following to logout from the EPICenter server:
<command><param>logout</param></command>
The EPICenter server sends the following response and closes the TCP connection immediately
afterward.
<H2>INFO, See you later</H2>
Other Commands
When the EPICenter server receives a command that it cannot understand, the server responds with:
<H2>ERROR, Unknown command “command_name”</H2>
Other Tags
When the external client sends anything in the tag value format that is not a <COMMAND>...</COMMAND>,
the EPICenter server ignores such data and does not respond.
Tcl Client API
The EPICenter server commands are sufficient for any external application to communicate with the
EPICenter server. However, the EPICenter software also provides a client API that makes it easier for
third-party developers to develop external applications that communicate with the EPICenter server.
498
EPICenter Software Installation and User Guide
Tcl Client API
Use of this API is not required, although developers may find this API more convenient to use than
communicating directly through the TCP connection.
The Tcl API is structured as a Tcl package, and is written for Tcl 8.3 or later.
Installing and Using the Tcl Client API
A Tcl application may install the EPICenterTcl Client API package by copying the directory
<EPICenter_install_dir>/tcl/lib/extreme/extr to their Tcl/lib directory.
Alternatively, the Tcl application may append the location
<EPICenter_install_dir>/tcl/lib/extreme/extr to the Tcl auto_path variable. This allows Tcl to
find the code for the EPICenter Tcl Client API.
In Solaris, you must also set the environment variable LD_LIBRARY_PATH to the location of the tcl/lib
directory.
To use the EPICenter Tcl Client API, the Tcl application must include the following statement:
package require extr
This automatically loads the required code into the Tcl application from the <path>/extr directory. The
package creates a extr name space, in which a set of Tcl functions is available to the Tcl application.
These functions allow the Tcl application to connect, login, send database queries, send policy
configuration commands, and logout from an EPICenter server. The functions use Tcl sockets to connect
with the EPICenter server, send commands and receive responses according to the EPICenter external
access protocol.
See <path>/extr/extr.tcl for documentation and implementation of the Tcl functions.
The following namespace variable is available to the Tcl application:
extr::version
the version number of the Tcl Client API package. e.g. 3.1
Tcl Exported Functions
The following section describes the four functions exported from the extr namespace. Most Tcl
applications can use these four functions to communicate with the EPICenter server.
Connect Function
#
# extr::connect ?hostname? ?portnum? ?servlet?
#
#
Opens a connection with the given hostname and port number.
#
First use http://$hostname:$portnum/$servlet/getport to
#
retrieve the currently server side port number. Then use a
#
socket to connect to that port number.
#
# Arguments:
#
hostname (optional) ip or host name of the EPICenter
#
server. Defaults to "localhost".
#
httpport (optional) the port number of the EPICenter Web
#
server. Defaults to 80.
EPICenter Software Installation and User Guide
499
EPICenter External Access Protocol
#
servlet
(optional) the path to the EPICenter servlet. Defaults to
#
"everest"
#
# Returns:
#
channel_id
channel id of the socket connecting to the
#
remote EPICenter server.
# Exception:
#
When the connection cannot be established, this function
#
throws an error.
#
Login Function
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
extr::login channel_id ?name? ?password?
Send the given name and password to the EPICenter server to login.
If the client does not login, the server will close the
connection after a timeout.
Arguments:
channel_id channel id returned by extr::connect
name
(optional) login name. Defaults to "user"
password
(optional) password. Defaults to "" (no password)
Returns:
1
0
login is successful
login failed
Exceptions:
This function may throw an error if there is a problem
communicating with the server through the given channel.
extr::logout channel_id
Log out the current connection with the EPICenter server.
Argument
channel_id
channel id returned by extr::connect
Returns:
<none>
Exceptions:
<none>
500
EPICenter Software Installation and User Guide
Tcl Client API
Query Function
#
# extr::query channel_id ?-raw | -decode flag | -command cmd? sql ?arg arg ...?
#
#
Sends a sql command to the EPICenter server. Retrieves the result.
#
The result of the command can be either an error message
#
signaling that there is some syntax error about the sql
#
command, or a table of data. The EPICenter server returns the
#
data using its external protocol.
#
#
Currently, only "Select ..." sql statement is accepted by the
#
EPICenter server. The where clause of the sql statement may contain
#
’?’. For each ’?’, the caller must specify an additional
#
argument containing the value to replace the ’?’ in the sql
#
statement. For example:
#
#
extr::query $cid \
#
"select name_column from Table_A where name_column = ?" \
#
"Bob’s Row"
#
#
The string {Bob’s Row} replaces the ? in the sql query. In
#
this example, the caller does not need to quote the string in
#
the where clause of the sql statement.
#
#
The result from the EPICenter server is a table encoded in HTML/XML
#
style tags. The caller may choose to receive this data in its
#
raw encoded form by using the "-raw" option. This function
#
can also return the result already decoded into a list of list
#
of cell data if -raw is not specified.
#
#
The caller can optionally specify -command cmd. If this is
#
specified, then the user supplied "cmd" is executed after each
#
row of data is received. See below for the definition of the
#
"cmd" callback function.
#
#
cmd dataType dataValue
#
#
dataType
- one of ERROR, TABLE_BEGIN,
#
COLUMN_NAME, COLUMN_TYPE,
#
ROW_DATA, TABLE_FINISH.
#
dataValue
- the value returned from the server
#
#
ERROR
- The given dataValue is an error message
#
returned by the server.
#
TABLE_BEGIN - Begin of a table. If called with this
#
type, then the dataValue is always {}
#
COLUMN_NAME - The given dataValue is a list of column names
#
returned by the database. This is the first
#
thing returned by the server when there is no
#
errors.
#
COLUMN_TYPE - The given dataValue is a list of column types.
#
This is the 2nd thing returned by the server
#
when there are no errors.
#
ROW_DATA
- The given value is a list of column values
#
for one data row.
#
TABLE_FINISH - End of the table from the server. When
EPICenter Software Installation and User Guide
501
EPICenter External Access Protocol
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
this is called, the dataValue is the total
number of data rows fetched.
An example callback function may look like this:
proc myCallBack { dataType dataValue } {
switch $dataType {
TABLE_BEGIN {puts "table beginning\n"}
TABLE_FINISH {puts "table finished with $dataValue rows.\n"}
COLUMN_TYPE {...}
...
}
}
The return value from "cmd" is ignored. If "cmd" throws an
error, then the query commands returns with the error. But
query will consume all remaining outputs from the server
without calling "cmd" further. The dataValue passed to the
’cmd’ are not decoded like in the -raw option. But unlike the
-raw option, the values are placed inside a list when the value
represents row data such as COLUMN_NAME, COLUMN_TYPE, and
ROW_DATA dataType.
Arguments:
channel_id
-raw
-decode flag
-command cmd
sql
arg arg ...
Returns:
list
<or>
string
<or>
none
channel id returned by extr::connect
(optional) the constant "-raw", which controls
result data format
(optional) 1 if we want to decode the data
portion when returning as a list. 0 means don’t
decode the data portion. Default is to decode.
(optional) the cmd callback, this option is
mutually exclusive with respect to the -raw
option above.
the sql statement
(optional) a variable list of 0 or more values,
one for each ? appearing in the sql statement
a list of list of table cell data if no -raw
option is given. Or if -command is used, this
is a list of returned values from the calls to
"cmd".
a string in the form of "<TABLE> ... </TABLE>"
for table result or "<H2> ... </H2>" for server
side error message if -raw option is given
if -command option is used.
Exceptions:
This function may throw an error if there is a communication
problem with the given channel. Additionally, if no -raw
option is given, any server returned message also results in
an error.
502
EPICenter Software Installation and User Guide
Tcl Client API
Policy Function
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
extr::policy channel_id [enable|disable|configure] ?arg arg ...?
Sends a policy command to the EPICenter server. A policy command can
be used to control policy operations on the EPICenter server.
Currently the following policy commands are supported:
enable policy_name ?policy_name policy_name ...?
Enables the policies on the EPIcenter server.
arguments are a list of policy names.
The
disable policy_name ?policy_name policy_name ...?
Disables the policies on the EPIcenter server.
arguments are a list of policy names.
The
configure ?[device_ip | group_name] ...?
Configures policy on devices. The devices are specified
either as device ip address, or as a group name. If a
group name is given, all devices within the group are
configured.
During configuration, all policy types are
configured. If no argument is given, the all devices are
configured.
Note: must be logged in using an account with administrator or
manager access level to use this command.
Arguments:
cid
policy_command
arg arg ...
channel id returned by extr::connect
enable | disable | configure
arguments to the policy_command
Returns:
message
the result message from the server
Exceptions:
This function may throw an error if there is a communication
problem with the given channel.
EPICenter Software Installation and User Guide
503
EPICenter External Access Protocol
504
EPICenter Software Installation and User Guide
D EPICenter Database Views
This appendix describes the most useful views in the EPICenter database for the purpose of creating Tcl
scripts for use in Reports or as Alarm actions.
The variables in these views can be accessed using the methods defined in the file extr.tcl found in
the <install_dir>/tcl/lib/extreme/extr directory, where <install_dir> is the directory where the
EPICenter software resides. They can also be used by external applications.
Device Report View
Table 21: EPICenter Database Device Report View
Extreme_Device_Report
Extreme_Device_Report is a database view that has one row for each device that is being managed by the
EPICenter server. Some of the columns in the view contain Extreme specific information. If a device is not an
Extreme device, the Extreme specific columns contain empty values, such as an empty string.
Column Name
Column
Type
device_id
integer
A database unique id identifying a device.
as the primary key.)
enterprise_oid
integer
The enterprise id, e.g. 1916 for extreme networks.
system_oid
string
The partial system oid, e.g. “1916.2.7” for Summit 24.
device_group_names
string
The EPICenter device group name(s) of the device group(s) to which
this device belongs, e.g. “default, g1.”
device_type_name
string
The type of the device, e.g. “BlackDiamond 6808”
ip
string
The IP address of the device, e.g. “10.205.0.1”.
mac
string
The MAC address of the device, e.g. “00:e0:2b:00:5e:00”.
sysName
string
The sysName of the device.
sysDescription
string
The sysDescription of the device.
sysLocation
string
The sysLocation of the device.
EPICenter Software Installation and User Guide
Description
(This column can be used
505
EPICenter Database Views
Column Name
Column
Type
Description
sysContact
string
The sysContact of the device.
read_write_community
string
The read/write SNMP community string.
read_only_community
string
The read-only SNMP community string.
cli_login
string
The CLI/Telnet login name of the device.
cli_password
string
The CLI/Telnet password for the above login.
status
string
The status of the device: “operational”, “marginal”, or “not responding”.
boot_time
string
The boot time of the device in GMT, e.g. “2000-11-13 21:05:28”.
hardware_id
string
The vendor specific hardware id of the device (not all device have a
hardware id).
reserved
string
Reserved field, only used by a Cisco device to store Cisco specific
information.
ip_forwarding
string
“true” if the device is a router, “false” otherwise.
current_software
string
The software version of the device.
The following columns are Extreme specific:
primary_image
string
The primary software image version on the device, e.g. “4.1.9 (2)”.
secondary_image
string
The secondary software image version on the device, e.g. “6.1.5b20”.
boot_rom
string
The version of the device’s boot rom, e.g. “7.2”.
image_after_reboot
string
The image to use after a switch reboot: “primary”, “secondary”, “neither”,
or “unknown”.
board_number
string
The hardware board number.
other_numbers
string
Other hardware board numbers.
serial_numbers
string
The serial number of the device.
fan_status_string
string
The status of all fans on the device, e.g. “fan 1 OK; fan 2 OK; fan 3
OK”.
selected_configuration
string
The currently selected configuration on the device: “primary” or
“secondary”.
power_status_string
string
The status of the primary power supply of the device: “fan/temperature
alarm”, “not present”, “OK”, “failed”, or “unknown”.
rps_status
string
The status of the redundant power supply of the device:
“fan/temperature alarm”, “not present”, “OK”, “failed”, or “unknown”.
voltage
string
The voltage of the power supplied to the device: “110 AC”, “220 AC”, “48
DC”, or “unknown”.
temperature
integer
The current operating temperature of the device in centigrade, e.g. 48.
default_gateway
string
The default gateway of the device, e.g. “10.205.0.1”.
506
EPICenter Software Installation and User Guide
Interface Report View
Interface Report View
Table 22: EPICenter Database Interface Report View
Extreme_Interface_Report
Extreme_Interface_Report is a database view that has one row for each interface that is being managed by the
EPICenter server. Some of the columns in the view contain Extreme specific information. For interface that is
not on an Extreme device, the Extreme specific columns are empty, such as an empty string.
Column Name
Column
Type
device_id
integer
A database unique id identifying a device. (This column and the ifIndex
column below can be used as the primary key.)
ifIndex
integer
The ifIndex of the interface. (This column and the device_id column
above can be used as the primary key.)
ifType
integer
The ifType of the interface.
ifPhysicalAddress
string
The ifPhysicalAddress (MAC address) of the interface.
ifDescription
string
The ifDescription of the interface.
port_name
string
The ifAlias of the interface.
configured_media
string
The configured media information of the interface, e.g. “100BaseTX, full
duplex”.
actual_media
string
The actual media information of the interface, e.g. “10BaseTX, half
duplex”.
auto_negotiation
string
The status of auto negotiation of the interface: “true” or “false”.
admin_status
string
The admin status of the interface: “enabled” or “disabled”.
operation_status
string
The operational status of the interface: “active”, “ready”, or “failed”.
Description
The following columns are Extreme specific:
IP_Address
string
The IP address of the device, to which this interface belongs to, e.g.
“10.205.0.31”.
port_number
string
The Extreme specific representation for the interface, e.g. “1:3” or “12”.
redundant_media
string
Specify which media is active, for interfaces without any redundant
media, the value is always “primary”. For interfaces with redundant
media, the value can be either “primary or redundant”.
algorithm
string
When the interface is in load-sharing mode, specify the port sharing
algorithm: “none”, “port based”, “address based”, “round robin”, or
“unknown”.
member_port_number
string
When the interface is in port sharing mode, specify all members of the
port sharing group, e.g. “1:1, 2:1, 2:2, 2:3”.
unsignedIPInt
integer
The IP address number of the device, to which the interface belongs.
This is the same IP address as in the IP_Address column, except that
the address is represented using a unsigned 32-bit integer: e.g. the IP
Address “10.205.0.1” is represented as 181207041.
edge
string
Whether the port is classified as an “Edge” or “Uplink” port.
EPICenter Software Installation and User Guide
507
EPICenter Database Views
Database Event Log View
Table 23: EPICenter Database Event Log View
Event_Log_View
Event_Log_View is a database view that shows the EPICenter alarm event log, but making the data from each
column into a human readable format.
Column Name
Column
Type
event_log_id
integer
An unique id for the event log entry. (This column can be used as the
primary key.)
event_timeticks
integer
The time when the event happened. This time is shown as
milliseconds since 1970-01-01 00:00:00 GMT.
event_time
string
The time when the event happened. This is the same time as the
event_timeticks column except that the time is shown as a string. E.g.
“2000-10-21 14:20:21 GMT”
event_source
string
The IP (and the ifIndex, if appropriate) of the source, from which the
event is generated. E.g. “10.205.0.31”, “10.205.0.31, port 2:1”, or
“10.205.0.2, ifIndex 10”.
event_type
string
The type of the event, e.g. “SNMP Trap: Cold Start”
event_ip
string
The IP address of the source, from which the event is generated. E.g.
“10.205.0.31”
event_generic
integer
For SNMP trap based event, this is the generic field of the trap.
event_specific
integer
For SNMP trap based event, this is the specific field of the trap.
event_enterprise
string
For SNMP trap based event, this is the enterprise field of the trap.
event_varbinds
string
For SNMP trap based event, this is the varbinds of the trap.
unsignedIPInt
integer
The IP address number of the device, from which the event originates.
This is the same IP address as in the event_ip column, except that the
address is represented using a unsigned 32-bit integer: e.g. the IP
Address “10.205.0.1” is represented as 181207041.
event_count
integer
The number of consecutive traps of the same type and source
received for this event.
508
Description
EPICenter Software Installation and User Guide
Database Alarm Log View
Database Alarm Log View
Table 24: EPICenter Database Alarm Log View
Alarm_Log_View
Alarm_Log_View is a database view that shows the EPICenter alarm log, but making the data from each column
into a human readable format.
Column Name
Column
Type
alarm_time
integer
The time when the event happened. This time is shown as
milliseconds since 1970-01-01 00:00:00 GMT. This time is unique for
all alarm logs. (This column can be used as the primary key.)
name
string
The name of the alarm definition, to which this alarm instance belongs.
category
string
The alarm category as defined in the alarm definition.
source
string
The IP (and the ifIndex, if appropriate) of the source, from which the
event that triggered the alarm is generated. E.g. “10.205.0.31”,
“10.205.0.31, port 2:1”, or “10.205.0.2, ifIndex 10”.
severity
string
The severity of the alarm as defined in the alarm definition.
msg
string
The alarm message as defined in the alarm definition.
ack
byte
A byte value in hexadecimal representation specifying whether the
alarm is ack’ed or not, 00 – not ack’ed; 01 – ack’ed.
event_log_id
integer
The event log id of the event that triggers the alarm.
unsignedIPInt
integer
The IP address number of the device, from which the event that
triggers the alarm originates. This is the same IP address as in the
event_ip column, except that the address is represented using a
unsigned 32-bit integer: e.g. the IP Address “10.205.0.1” is represented
as 181207041.
EPICenter Software Installation and User Guide
Description
509
EPICenter Database Views
510
EPICenter Software Installation and User Guide
E Event Types for Alarms
This appendix describes the events that can be detected through the EPICenter Alarm System:
• SNMP traps
• RMON Rising and Falling traps
• EPICenter events
• Syslog messages
Unless stated otherwise, events defined below are applicable to all MIB-2 devices managed by the
EPICenter server.
SNMP Trap Events
Table 25: SNMP Trap Events
Event
Definition
Authentication Failed
This trap indicates that a SNMP request with an invalid community
string is issued to the device.
ExtremeWare
Version
All
BGP Backward Transition The BGPBackwardTransition Event is generated when the BGP FSM
moves from a higher numbered state to a lower numbered state.
6.1.9 or later
BGP Established
The BGP Established event is generated when the BGP FSM enters
the ESTABLISHED state.
6.1.9 or later
BGP Prefix Max
Exceeded
Extreme Networks proprietary trap. This trap indicates that the number 6.2.2 or later
of prefixes received over this peer session has reached the maximum
configured limit.
BGP Prefix Reached
Threshold
Extreme Networks proprietary trap. This trap indicates that the number 6.2.2 or later
of prefixes received over this peer session has reached the threshold
limit.
Cold Start
This trap indicates that the device is rebooted by power recycling.
Extreme switches always send out this trap after a reboot.
All
CPU Utilization Falling
Threshold
Extreme Networks proprietary trap. CPU Utilization Falling Trap is
generated when the extremeCpuAggregateUtilization falls below 80%
of the extremeCpuUtilRisingThreshold.
6.2 or later
EPICenter Software Installation and User Guide
511
Event Types for Alarms
Table 25: SNMP Trap Events (continued)
ExtremeWare
Version
Event
Definition
CPU Utilization Rising
Threshold
Extreme Networks proprietary trap. CPU Utilizations Rising trap is
generated when the value of extremeCpuAggregateUtilization
touches/crosses extremeCpuUtilRisingThreshold.
6.2 or later
Dsx1 Line Status Change Extreme Networks proprietary trap. Indicates that the DS1 line status
change for the specified interface has been detected.
6.1.8b66
Dsx1 Loss of Master
Clock
Extreme Networks proprietary trap. Indicates that the
wanDsx1LossOfMasterClock event for the specified interface has
been detected.
6.1.8b66
Dsx1 No Loss of Master
Clock
Extreme Networks proprietary trap. Indicates that the
wanDsx1NoLossOfMasterClock event for the specified interface has
been detected.
6.1.8b66
Dsx3 Line Status Change Extreme Networks proprietary trap. Indicates that the T3 line status
change for the specified interface has been detected.
6.1.8b66
Dsx3 Loss of Master
Clock
Extreme Networks proprietary trap. Indicates that the
wanDsx3LossOfMasterClock event for the specified interface has
been detected.
6.1.8b66
Dsx3 No Loss of Master
Clock
Extreme Networks proprietary trap. Indicates that the
wanDsx3NoLossOfMasterClock event for the specified interface has
been detected.
6.1.8b66
EDP Neighbor Added
Extreme Networks proprietary trap. A new neighbor has been
discovered through the Extreme Discovery Protocol (EDP).
6.1 or later
EDP Neighbor Removed
Extreme Networks proprietary trap. No EDP updates have been
received from this neighbor within the configured timeout period, and
this neighbor entry has been aged out by the device.
6.1 or later
EGPNbrLoss
An EGP neighbor for which the device is an EGP peer is down and
the peer relationship no longer exists. An Extreme Networks switch
never sends out this trap.
None
ESRP State Change
Extreme Networks proprietary trap. This trap indicates that the ESRP
state (master or slave) of a VLAN has changed on the device.
6.0 or later
Fan Failed
Extreme Networks proprietary trap. This trap indicates one or more of
the cooling fans inside the device has failed. A fan OK trap will be
sent once the fan has attained normal operation. This trap is sent
repetitively every 30 seconds until all the fans are back to normal
condition.
All
Fan OK
Extreme Networks proprietary trap. This trap indicates that a fan has
transitioned out of a failure state and is now operating correctly.
All
Health Check Failed
Extreme Networks proprietary trap. The CPU HealthCheck has failed
6.1.5 or later
Invalid Login
Extreme Networks proprietary trap. This trap indicates that a user
attempted to login to console or by telnet but was refused access due
to incorrect user name or password. The trap is issued after three
consecutive failure of log in.
All
Link Down
This trap indicates that a port becomes inactive from previous active
state.
All
Link Up
This trap indicates that a port becomes active from previous inactive
state.
All
MAC Security Trap
Extreme Networks proprietary trap. This trap is generated for a port
on which limit-learning has been configured when a new MAC
address exceeding the limit is learned on the specified port.
512
EPICenter Software Installation and User Guide
SNMP Trap Events
Table 25: SNMP Trap Events (continued)
ExtremeWare
Version
Event
Definition
OSPF Interface
Authentication Failure
An ospfIfAuthFailure trap signifies that a packet has been received on
a non-virtual interface from a router whose authentication key or
authentication type conflicts with this router’s authentication key or
authentication type.
6.1.9 or later
OSPF Interface Config
Error
An ospfIfConfigError trap signifies that a packet has been received on
a non-virtual interface from a router whose configuration parameters
conflict with this router’s configuration parameters. Note that the event
optionMismatch should cause a trap only if it prevents an adjacency
from forming.
6.1.9 or later
OSPF Interface Receive
Bad Packet
An ospfIfRxBadPacket trap signifies that an OSPF packet has been
received on a non-virtual interface that cannot be parsed.
6.1.9 or later
OSPF Interface State
Change
An ospfIfStateChange trap signifies that there has been a change in
6.1.9 or later
the state of a non-virtual OSPF interface. This trap should be
generated when the interface state regresses (e.g., goes from Dr to
Down) or progresses to a terminal state (i.e., Point-to-Point, DR Other,
Dr, or Backup).
OSPF LSDB Approaching An ospfLsdbApproachingOverflow trap signifies that the number of
Overflow
LSAs in the router’s link-state database has exceeded ninety percent
of ospfExtLsdbLimit.
6.1.9 or later
OSPF LSDB Overflow
An ospfLsdbOverflow trap signifies that the number of LSAs in the
router’s link-state database has exceeded ospfExtLsdbLimit.
6.1.9 or later
OSPF Max_Age LSA
An ospfMaxAgeLsa trap signifies that one of the LSA in the router’s
link-state database has aged to MaxAge.
6.1.9 or later
OSPF Neighbor State
Change
An ospfNbrStateChange trap signifies that there has been a change in 6.1.9 or later
the state of a non- virtual OSPF neighbor. This trap should be
generated when the neighbor state regresses (e.g., goes from Attempt
or Full to 1-Way or Down) or progresses to a terminal state (e.g.,
2-Way or Full). When an neighbor transitions from or to Full on
non-broadcast multi-access and broadcast networks, the trap should
be generated by the designated router. A designated router
transitioned to Down will be noted by ospfIfStateChange.
OSPF Originate LSA
An ospfOriginateLsa trap signifies that a new LSA has been originated
by this router. This trap should not be invoked for simple refreshes of
LSAs (which happens every 30 minutes), but instead will only be
invoked when an LSA is (re)originated due to a topology change.
Additionally, this trap does not include LSAs that are being flushed
because they have reached MaxAge.
6.1.9 or later
OSPF TX_Retransmit
An ospfTxRetransmit trap signifies than an OSPF packet has been
retransmitted on a non- virtual interface. All packets that may be
retransmitted are associated with an LSDB entry. The LS type, LS ID,
and Router ID are used to identify the LSDB entry.
6.1.9 or later
OSPF Virtual Interface
Authentication Failure
An ospfVirtIfAuthFailure trap signifies that a packet has been received
on a virtual interface from a router whose authentication key or
authentication type conflicts with this router’s authentication key or
authentication type.
6.1.9 or later
OSPF Virtual Interface
Config Error
An ospfVirtIfConfigError trap signifies that a packet has been received
on a virtual interface from a router whose configuration parameters
conflict with this router’s configuration parameters. Note that the event
optionMismatch should cause a trap only if it prevents an adjacency
from forming.
6.1.9 or later
OSPF Virtual Interface
Receive Bad Packet
An ospfVirtIfRxBadPacket trap signifies that an OSPF packet has
been received on a virtual interface that cannot be parsed.
6.1.9 or later
EPICenter Software Installation and User Guide
513
Event Types for Alarms
Table 25: SNMP Trap Events (continued)
ExtremeWare
Version
Event
Definition
OSPF Virtual Interface
State Change
An ospfVirtIfStateChange trap signifies that there has been a change
in the state of an OSPF virtual interface. This trap should be
generated when the interface state regresses (e.g., goes from
Point- to-Point to Down) or progresses to a terminal state (i.e.,
Point-to-Point).
6.1.9 or later
OSPF Virtual Interface TX An ospfVirtIfTxRetransmit trap signifies than an OSPF packet has
Retransmit
been retransmitted on a virtual interface. All packets that may be
retransmitted are associated with an LSDB entry. The LS type, LS ID,
and Router ID are used to identify the LSDB entry.
6.1.9 or later
OSPF Virtual Neighbor
State Change
An ospfVirtNbrStateChange trap signifies that there has been a
6.1.9 or later
change in the state of an OSPF virtual neighbor. This trap should be
generated when the neighbor state regresses (e.g., goes from Attempt
or Full to 1-Way or Down) or progresses to a terminal state (e.g.,
Full).
Overheat
Extreme Networks proprietary trap. This trap indicates that the on
board temperature sensor has reported an overheat condition. This
indicates the temperature has reached the Overheat threshold. The
switch will continue to function until it reaches its shutdown threshold.
The system will then shutdown until the unit has sufficiently cooled
such that operation may begin again. A cold start trap will be issued
when the unit has come back on line. This trap is sent repetitively
every 30 seconds until the temperature goes back to normal.
All
Ping Probe Failed
Generated when a probe failure is detected when the corresponding
pingCtlTrapGeneration object is set to probeFailure(0) subject to the
value of pingCtlTrapProbeFailureFilter. The object
pingCtlTrapProbeFailureFilter can be used to specify the number of
successive probe failures that are required before this notification can
be generated.
6.1.9 or later
Ping Test Completed
Generated at the completion of a ping test when the corresponding
pingCtlTrapGeneration object is set to testCompletion(4).
6.1.9 or later
Ping Test Failed
Generated when a ping test is determined to have failed when the
6.1.9 or later
corresponding pingCtlTrapGeneration object is set to testFailure(1). In
this instance pingCtlTrapTestFailureFilter should specify the number of
probes in a test required to have failed in order to consider the test as
failed.
Power Supply Failed
Extreme Networks proprietary trap. This trap indicates that one or
more sources of power have failed. Presumably a redundant
power-supply has taken over. This trap is sent repetitively every 30
seconds until all the power supplies are back to normal condition.
All
Power Supply OK
Extreme Networks proprietary trap. This trap indicates that one or
more previously bad sources of power have come back to life without
causing the device to restart.
All
Processor State Change
Extreme Networks proprietary trap. This trap indicated a failed
processor on an NP module is detected.
Redundant Power Supply
Failed
Extreme Networks proprietary trap. This trap indicates that the
attached redundant power supply device is indicating an alarm
condition. This trap is sent repetitively every 30 seconds until the
redundant power supply is back to normal condition.
All
Redundant Power Supply
OK
Extreme Networks proprietary trap. This trap indicates that the
attached redundant power supply device is no longer indicating an
alarm condition.
All
514
EPICenter Software Installation and User Guide
RMON Rising Trap Events
Table 25: SNMP Trap Events (continued)
ExtremeWare
Version
Event
Definition
SLB Unit Added
Extreme Networks proprietary trap. This trap indicates that the server
load balancer has activated a group of virtual servers that it normally
would not activate. This may be due to the failure of another server
load balancer.
6.1 or later
SLB Unit Removed
Extreme Networks proprietary trap. This trap indicates that the server
load balancer has deactivated a group of virtual servers that it
normally has active. This indicates that something is wrong in the
server load balancer; for example, its ping check may be failing.
6.1 or later
STP New Root
Extreme Networks proprietary trap. This trap indicates that the
sending agent has become the new root of the Spanning Tree; the
trap is sent by a bridge soon after its election as the new root, e.g.,
upon expiration of the Topology Change Timer immediately
subsequent to its election.
6.2.2 or later
STP Topology Change
Extreme Networks proprietary trap. A topologyChange trap is sent by
a bridge when any of its configured ports transitions from the Learning
state to the Forwarding state, or from the Forwarding state to the
Blocking state. The trap is not sent if a newRoot trap is sent for the
same transition.
6.2.2 or later
Slot Change
Extreme Networks proprietary trap. This trap indicates that the value
of the extremeSlotModuleState for the specified extremeSlotNumber
has changed.
All
Smarttrap
Extreme Networks proprietary trap. This trap indicates that the value
of one of the object identifiers (or the value of an object below that in
the MIB tree) defined in the extremeSmartTrapRulesTable has
changed, and hence a new entry has been created in the
extremeSmartTrapInstanceTable. Such a trap is sent at most once
every thirty seconds if one or more entry was created in the last thirty
seconds.
All
Warm Start
Trap indicates that the device has been rebooted without power
recycling. An Extreme Networks switch never sends out this trap.
None
RMON Rising Trap Events
This trap indicates that the value of the MIB variable being monitored has risen to or above the rising
threshold value. RMON rules need to be configured on a device for it to send out this trap. See
“Threshold Configuration” in Chapter 5 for more information.
RMON Falling Trap Events
This trap indicates that the value of the MIB variable being monitored has fallen to or below the falling
threshold value. RMON rules need to be configured on a device for it to send out this trap. See
“Threshold Configuration” in Chapter 5 for more information.
EPICenter Software Installation and User Guide
515
Event Types for Alarms
EPICenter Events
An EPICenter event is generated by the EPICenter server based on the results of its periodic polling. In
some cases, an EPICenter event may result from the same condition that could generate an SNMP or
other trap. An EPICenter event has the advantage that it guarantees that the condition will be detected
(by polling) even if the corresponding trap is missed.
Table 26: EPICenter Events, Detected Through Polling
Event
Definition
Configuration Upload Failed
The EPICenter server generates this event when it fails to upload
configuration information from a device. This event occurs ONLY when the
upload is attempted from EPICenter, not if it was attempted from Telnet,
ExtremeWare Vista or any other method.
Configuration Upload OK
The EPICenter server generates this event when it successfully uploads
configuration from a device. This event occurs ONLY when the upload is
done from EPICenter, not from Telnet, ExtremeWare Vista or any other
method.
Device Policy Configuration
The EPICenter server generates this event when it encounters a problem
configuring policies on a device using ACL and QoS.
Device Reboot
The EPICenter server generates this event for a device when it detects a
device reboot (cold start or warm start). Unlike the cold start or warm start
SNMP trap, EPICenter generates this event by polling the device.
Device Warning from EPICenter
For Extreme Networks devices only. The EPICenter server generates this
event in one of two situations:
•
If the server detects and infinite loop while walking the device’s SNMP
MIB (may occur with ExtremeWare 4.1.19b2)
•
If the device has a bad serial number reported through SNMP (may
occur with ExtremeWare 6.2.1 on the BlackDiamond 6816).
Fan Failed
For Extreme Networks devices only. The EPICenter server generates this
event for an Extreme device when it detects, via polling, a transition from
fan OK to fan failed condition on the device. Unlike the SNMP Fan Failed
trap event, this event is generated only once, based on a state transition.
As an alternative, you can detect a Fan Failed condition by using the SNMP
Fan Failed trap, which will be generated every 30 seconds until the
condition is corrected.
Overheat
For Extreme Networks devices only. The EPICenter server generates this
event for an Extreme device when it detects a transition from normal
temperature to overheat condition on the device. Unlike the SNMP overheat
trap event, this event is based on a state transition, and will be generated
only once. As an alternative, you can detect an Overheat condition by using
the SNMP Overheat trap, which will be generated every 30 seconds until
the condition is corrected.
Power Supply Failed
For Extreme Networks devices only. The EPICenter server generates this
event if the device reports a power supply failure.
SNMP Unreachable
The EPICenter server generates this event when it fails to communicate
with a device following a previously successful communication. In other
words, this event is generated when the state of communication with the
device transitions from reachable to unreachable.
SNMP Reachable
The EPICenter server generates this event when the state of
communication with the device transitions from unreachable to reachable.
Syslog Flood
The EPICenter server generates this event if the server receives syslog
messages at a rate that exceeds the user-defined limit set in the
Administration applet via the Scalability Properties. See “Server Properties
Administration” on page 363 in Chapter 16, , for more information.
516
EPICenter Software Installation and User Guide
F
EPICenter Backup
This appendix describes the following:
• The EPICenter Alarm Log and Event Log backup files
• The DBVALID command-line database validation utility
• The DBBACKUP command-line database backup utility
EPICenter Log Backups
Both the EPICenter Event Log and Alarm Log files are kept in tables in the EPICenter database. These
tables can contain approximately 50,000 and 10,000 entries, respectively.
When the EPICenter server starts, it checks once every 24 hours to determine if either of these logs has
reached its maximum size. When one reaches its maximum, EPICenter moves the oldest 10% of the
entries to a backup file, and clears those entries from the table.
For Windows, the backup files are created in the directory <install_dir>/user, where <install_dir>
is the root directory of the EPICenter install, by default c:\Program Files\Extreme
Networks\EPICenter 4.1. For Solaris, the backup files are created in the directory
/opt/extreme/epc4_1/user, where /opt/extreme/epc4_1 is the <install_dir>.
• The Alarm Log is backed up to the file Alarm_Log.txt
• The Event Log is backed up to the file Event_Log.txt
Each primary backup file is in turn backed up to a secondary file when it reaches its maximum size of
approximately 30MB for Event_Log.txt and 6MB for Alarm_Log.txt.
• Alarm_Log.txt is backed up to the file Alarm_Log.old
• Event_Log.txt is backed up to the file Event_Log.old
The primary file is then emptied.
When the primary file becomes full for the second time, the secondary backup file will be overwritten
with the new contents of the primary backup file.
If you want to maintain a complete set of log file backups over time, you should save the *_Log.txt
and *_Log.old files periodically.
EPICenter Software Installation and User Guide
517
EPICenter Backup
Database Utilities
Sybase database validation and backup utilities are shipped with the EPICenter software.
The Validation utility validates all indexes and keys on some or all of the tables in the database. The
Validation utility scans the entire table and looks up each record in every index and key defined on the
table. This utility can be used in combination with regular backups to give you confidence in the
security of the data in your database.
The Backup utility makes a backup copy of all data in the database, except for user names and
passwords, which are kept in separate files. Backing up your database regularly will ensure that you
will not need to re-enter or recreate all the switch, VLAN, Topology, and Alarm information in the event
that the database is corrupted or destroyed.
Both database utilities are found in the <install_dir>\database directory. < install_dir> is the
directory where you installed the EPICenter software. Substitute the name of the actual directory for
<install_dir> when you run these commands.
NOTE
In the Solaris environment, you must ensure that the EPICenter database path is set in the
LD_LIBRARY_PATH environment variable. This should be set to <install_dir>/database where
<install_dir> is the root directory of the EPICenter install, for example /opt/extreme/epc4_1.
The Validation Utility
The Validation utility validates all indexes and keys on some or all of the tables in the database. Access
the Validation utility from the MS DOS or Solaris command line using the dbvalid command. This
convention also allows incorporation into batch or command files.
Using the DBVALID Command-line Utility
To validate the EPICenter database running under Windows, use the command:
<install_dir>\database\dbvalid -c
“uid=dba;pwd=sql;eng=EPIC41;dbf=<install_dir>\basecamp.db”
Under Solaris, use the command:
<install_dir>/database/dbvalid -c
“uid=dba;pwd=sql;eng=EPIC41;dbf=<install_dir>/basecamp.db”
This example assumes a database user ID of dba, with password sql. These are the defaults used when
the database server is installed through the EPICenter installation process. If you have changed your
database user ID and password, substitute your actual user ID and password in the command.
<install_dir> is the directory where the EPICenter software is installed. Substitute the actual
directory name in the command.
This operation should report no errors. If there are errors, the system should be stopped and a backup
database copied into place. See “Installing a Backup Database” on page 520. If there are no backups, the
EPICenter software must be re-installed.
518
EPICenter Software Installation and User Guide
The Backup Utility
Syntax:
dbvalid [switches]
Table 27: dbvalid Command Switches
Switch
Description
-c “keyword=value; ...”
Supply database connection
parameters
Database Connection Parameters
These are the parameters for the -c command-line switch. If the connection parameters are not
specified, connection parameters from the SQLCONNECT environment variable are used, if set.
Table 28: Database Connection Parameters for dbvalid Utility
uid=<user name>
The user name used to login to the database. Default is dba. The user ID must
have DBA authority.
pwd=<password>
The password used to login to the database. Default is sql.
dbf=<database_file>
The name of the file that stores the data. This is the file to be validated.
eng=EPIC41
The name of the database engine. This value must be EPIC41 for EPICenter
4.1.
The connection parameters are separated by semicolons, and the entire set must be quoted. For
example, under Windows, the following validates the EPICenter, connecting as user ID dba with
password sql:
<install_dir>\database\dbvalid -c
“uid=dba;pwd=sql;eng=EPIC41;dbf=<install_dir>\basecamp.db”
The Backup Utility
The Backup utility makes a backup copy of all data in the database, except for user names and
passwords. Access the Backup utility from the MS DOS or Solaris command line using the dbbackup
command. This convention also allows incorporation into batch or command files.
The DBBACKUP Command-line Utility
To back up the EPICenter database running under Windows, use the command:
<install_dir>\database\dbbackup -c
“uid=dba;pwd=sql;eng=EPIC41;dbf=<install_dir>\basecamp.db” <backup_dir>
Under Solaris, use the command:
<install_dir>/database/dbbackup -c
“uid=dba;pwd=sql;eng=EPIC41;dbf=<install_dir>/basecamp.db” <backup_dir>
This example assumes a database user ID of dba, with password sql. These are the defaults used when
the database server is installed through the EPICenter installation process. If you have changed your
database user ID and password, substitute your actual user ID and password in the command.
EPICenter Software Installation and User Guide
519
EPICenter Backup
<install_dir> is the directory where the EPICenter software is installed. Substitute the actual
directory name in the command.
<backup_dir> is the directory where the backup copy of the database should be stored. Substitute an
actual directory name in the command.
This command generates a backup of the database in the specified backup directory. The backup
consists of two files, basecamp.db and basecamp.log. All database files are backed up. These files
should be saved so they can be used to replace the original files in the event of a problem.
NOTE
Do not stop the EPICenter server to perform daily backups of the database. This action is not
necessary and will prevent the alarm and event logs from truncating.
Syntax:
dbbackup [switches] directory
Table 29: dbbackup Command Switches
Switch
Description
-c “keyword=value; ...”
Supply database connection parameters
-y
Replace files without confirmation
Database Connection Parameters
These are the parameters for the -c command-line switch. If the connection parameters are not
specified, connection parameters from the SQLCONNECT environment variable are used, if set.
Table 30: Database Connection Parameters for dbbackup Utility
uid=<user name>
The user name used to login to the database. Default is dba. The user ID must have
DBA authority.
pwd=<password>
The password used to login to the database. Default is sql.
dbf=<database_file>
The name of the file that stores the data. This is the file to be backed up.
eng=EPIC41
The name of the database engine. This value must be EPIC41 for EPICenter 4.1.
The connection parameters are separated by semicolons, and the entire set must be quoted. For
example, under Windows, the following backs up the EPICenter database basecamp.db, connecting as
user ID dba with password sql:
<install_dir>\database\dbbackup -c
“uid=dba;pwd=sql;eng=EPIC41;dbf=<install_dir>\basecamp.db” c:\tmp
Installing a Backup Database
The backup database is named basecamp.db, and is kept in the directory you specified when you ran
the dbbackup command (c:\tmp in the example).
520
EPICenter Software Installation and User Guide
The Backup Utility
To replace a damaged database with the backup copy, follow these steps:
1 Shut down the EPICenter software following the instructions for your operating system in the
EPICenter Software Installation and User Guide.
2 Move or delete the old copy of basecamp.db and basecamp.log found in the EPICenter installation
directory.
3 Copy the backup copy of basecamp.db and basecamp.log to the EPICenter installation directory.
4 Restart the EPICenter software following the instructions in the EPICenter Software Installation and
User Guide for your operating system environment.
EPICenter Software Installation and User Guide
521
EPICenter Backup
522
EPICenter Software Installation and User Guide
G Dynamic Link Context System (DLCS)
This appendix describes:
• How the EPICenter policy system uses the Dynamic Link Context System (DLCS) to map logical end
stations (users, hosts) to physical attributes
• How to enable DLCS on Extreme switches running ExtremeWare 5.0 or later
• Limitations of DLCS as implemented in ExtremeWare 5.0
Overview of DLCS
DLCS is a feature that snoops Windows Internet Naming Service (WINS) NetBIOS packets and creates a
mapping between a user name, the IP address of the host, and the switch and port. Based on the
information in the packet, DLCS can detect when a host boots up or shuts down, or a user logs in or
logs out. When a host boots up, DLCS associates its name and IP address to a port on a switch.
Similarly, when a user logs in, DLCS associates the user with a host, and thus a switch port. Such
learned information is discarded when the user logs out, or when the host is shut down.
This information is used by the EPICenter software in setting policies that can be applied to users.
These policies can dynamically follow a user's location if auto configuration of policies is enabled. For
DLCS to operate within ExtremeWare, the user or host must allow automatic DLCS updates. This
feature should only be used in conjunction with the EPICenter Policy Manager.
EPICenter uses DLCS information to create a policy object for a user or host that is mapped to the
appropriate physical attributes (IP address, switch, and port).
Using DLCS with the Policy Manager
For DLCS to operate within the EPICenter policy system, two conditions must be met:
• DLCS must be enabled on the switch.
• In the Policy Manager client, the user or host must be set to allow automatic DLCS updates.
If both of these conditions are true, the policy system will expect to get current physical attributes for
the user or host dynamically through DLCS. If auto configuration is enabled in the Policy Manager
client, then dynamic data learned through DLCS will also update the configured policies.
EPICenter Software Installation and User Guide
523
Dynamic Link Context System (DLCS)
DLCS Properties
The following guidelines must be used when using DLCS:
• Only one user can be attached to a host at a given time. This is always the last user that logged in.
• A user may be logged into many hosts simultaneously.
• An IP address can be learned on only one port in the network at a given time.
• Multiple IP addresses can be learned on the same port.
• DLCS mapping is flushed when a user logs in or logs out or when a host is shut down.
Enabling DLCS on an Extreme Switch
DLCS must be enabled on the switch for Enterprise Manager to make use of the capability. It cannot be
enabled directly from the Enterprise Manager; it must be enabled using the ExtremeWare CLI through
Telnet. Thus, DLCS is not an option under the ExtremeView Configuration features. However, you can
use the ExtremeView Telnet feature to access the switch and enable DLCS.
To enable DLCS on a switch, follow these steps:
1 Click the ExtremeView icon in the EPICenter Navigation Toolbar.
2 Select Telnet in the component tree, then select the switch you want to configure.
3 Use the enable dlcs command to enable DLCS snooping of packets on the switch.
4 Enable the ports on which you want to snoop. You can enable individual ports, or all ports on the
switch.
enable dlcs fast-ethernet-ports | ports <port-number> | all
DLCS should be enabled on all edge ports (ports that are directly connected to workstations, servers,
and unintelligent hubs). DLCS should not be enabled on trunk or uplink ports.
5 To see which ports are snooping WINS packets, and what data has been learned:
show dlcs
6 To clear all DLCS data that has been learned:
clear dlcs
7 Type quit to exit the Telnet session.
DLCS Limitations
Certain limitations in the ExtremeWare 5.0 implementation of DLCS should be considered with regard
to the data received from WINS snooping:
• DLCS will not work for the WINS server itself, because the WINS server will not send NetBIOS
packets on the network (these packets are address to itself). This means that the host name of the
WINS server, and any users on the WINS server, cannot be learned by DLCS.
• When the IP address of a host is changed, and the host is not immediately rebooted, the old host to
IP address mapping will never be deleted. You must delete the mapping of the host to IP address
through the EPICenter Policy Manager client.
524
EPICenter Software Installation and User Guide
DLCS Limitations
• When a host is moved from one port to another port on a switch, the old entry will not age out,
unless the host is rebooted or a user login operation is performed after the host is moved.
• DLCS information is dynamic. Therefore, if the switch is rebooted, the DLCS information is lost.
However, this information is still stored in the EPICenter database. To delete the information from
the policy system, you must explicitly delete the configuration parameters using the EPICenter
Policy Manager client.
Alternatively, you can delete the rebooted switch from the EPICenter database using the Delete Device
function in the Inventory Manager. Then re-add the switch using the Inventory Manager Add Device
function.
• DLCS is not currently supported on hosts with multiple NIC cards.
ISQ Improvements
ExtremeWare versions 6.1 or later do not require any Intra-Subnet QoS (ISQ) settings for DLCS.
However, a VLAN must have an IP address in order for DLCS to function on ports on that VLAN.
For ExtremeWare 5.x, ISQ has been improved to also allow the application of IP QoS for traffic on a
Layer 2 switch that is destined outside the served subnet. If your switch is running in L2 mode, and
you want to snoop Layer 4 (NetBIOS) packets, you can do so using ISQ.
To configure this capability, you will need the MAC address of the next-hop router (or the MAC address
of the WINS server, if the server is on the same subnet) and a list of the IP addresses of the WINS
servers. The IP packets to this MAC address and the specified IP addresses are then snooped.
After DLCS has been enabled, the following commands should be used for this configuration:
• Create a list of WINS servers whose packets should be snooped:
create isq-server <name>
• Add the WINS server IP addresses to this list:
config isq-server <name> add ipaddress <WINS-server-ipaddress1>
config isq-server <name> add ipaddress <WINS-server-ipaddress2>
•••
• Configure the MAC address of the next hop router:
config isq-server <name> add mac <mac-address-of-next-hop> vlan <vlan-name>
EPICenter Software Installation and User Guide
525
Dynamic Link Context System (DLCS)
526
EPICenter Software Installation and User Guide
H EPICenter Policy System Feature
Comparison
This appendix describes:
• A summary of the features available through the ExtremeWare Command Line Interface (CLI) that
are supported by the EPICenter Policy Manager
• A summary of the policy features available in Cisco IOS 11.2 that are supported by the EPICenter
Policy Manager
• A discussion of Policy Manager issues and limitations related to support of policies on Extreme
Networks devices and Cisco devices
ExtremeWare 6.2 Features Supported
EW 6.2.x Features
Supported
in EPICenter
Notes
Access-List
Source ip/subnet/wildcard
Yes
Destination ip/subnet/wildcard
Yes
Source L4 port/range/wildcard
Yes
Destination L4
port/range/wildcard
Yes
Protocol IP, UDP, TCP
Yes
Protocol ICMP
Partial
Can display ICMP access-list created via CLI. Does not
configure any access-list using ICMP protocol.
Ingress port list
Partial
Can display access-list with ingress port list. Does not
configure any access-list using ingress port list.
Deny, Permit,
Permit-Established actions
Yes*
“Deny” is displayed as “blackhole” QoS profile.
Precedence
Yes†
EPICenter Software Installation and User Guide
“Permit-Established” can be used in policy as protocol
“Deny TCP Sync” and “blackhole” QoS profile.
Automatically generated by the policy server. Precedence
starting point can be controlled.
527
EPICenter Policy System Feature Comparison
EW 6.2.x Features
Supported
in EPICenter
Notes
Rules without precedence
No
All rules must have precedence.
ACL name
Yes
Supports QP1-QP8
Yes
* This feature is supported, but the implementation in EPICenter may differ in some respects from its implementation in
ExtremeWare.
† See the ExtremeWare Software User Guide for information on how the device treats rules without precedence numbers.
Source Port QoS
Supports QP1-QP8
Yes
Supports “blackhole”
Yes
Source port blackhole is implemented by disabling the
source port.
VLAN QoS
Supports QP1-QP8
Yes
QoS Profile
Min/Max bandwidth
Yes
Priority
Yes
Min/Max Buffer
No
Per-Port Profile
Yes
ExtremeWare 6.0.x and 6.1.x Features Supported
Supported
in
EPICenter
Notes
Source ip/subnet/wildcard
Partial
Only IP and “ANY” wildcard are supported.
Destination ip/subnet/wildcard
Yes
Source L4 port/range/wildcard
Yes
Destination L4
port/range/wildcard
Yes
Protocol IP, UDP, TCP
Yes
Protocol ICMP
Partial
EW 6.0.x-EW6.1.x Features
Access-List
528
Can display ICMP access-list created via CLI. Does not
configure any access-list using ICMP protocol.
EPICenter Software Installation and User Guide
ExtremeWare 5.x Features
Ingress port list
Partial
Can display access-list with ingress port list. Does not
configure any access-list using ingress port list.
Deny, Permit,
Permit-Established actions
Partial
“Deny” is displayed as “blackhole” QoS profile.
Precedence
No
EPICenter cannot display any rules with precedence number.
Rules without precedence
Yes*
EPICenter cannot set rules with precedence number. All
EPICenter access-list rules appear with a precedence number
of 0. It is up to the device to determine how to deal with
overlaps between the policy rules.
Acl name
No
EPICenter cannot set or display the access-list name. Access
list rules created by EPICenter created appear in the CLI with
names ‘mgmt1’, ‘mgmt2’, and so on. When displaying an
access-list in the ACL viewer, the name column is empty.
Supports QP1-QP8
Yes
“Permit-Established” is not supported.
* See the ExtremeWare Software User Guide for information on how the device treats rules without precedence numbers.
Source Port QoS
Supports QP1-QP8
Yes
Supports “blackhole”
Yes
Source port blackhole is implemented as disabling the source
port.
VLAN QoS
Supports QP1-QP8
Yes
QoS Profile
Min/Max bandwidth
Yes
Priority
Yes
Min/Max Buffer
No
Per-port profile
No
ExtremeWare 5.x Features
EW 5.x Features
Supported
in
EPICenter
Notes
IP QoS
Source ip/wildcard
Yes
Destination ip/subnet/wildcard
Yes
EPICenter Software Installation and User Guide
529
EPICenter Policy System Feature Comparison
Source L4 port/wildcard
Yes
Destination L4 port/wildcard
Yes
Protocol IP, UDP, TCP, Other
Partial
Deny
Yes
Supports QP1-QP4
Yes
Other protocol is not supported.
Source Port QoS
Supports QP1-QP4
Yes
Supports “blackhole”
Yes
Source port blackhole is implemented as disabling the source
port.
VLAN QoS
Supports QP1-QP4
Yes
QoS Profile
Min/Max bandwidth
Yes
Priority
Yes
Only four priorities are available.
ExtremeWare 4.x Features
EW 4.x Features
Supported
in
EPICenter
IP QoS
No
Source Port QoS
No
Notes
VLAN QoS
Supports QP1-QP4
Yes
QoS Profile
Min/Max bandwidth
Yes
Priority
Yes
530
Only four priorities are available.
EPICenter Software Installation and User Guide
Cisco Internetworking Operating System (IOS) 11.2 Features
Cisco Internetworking Operating System (IOS) 11.2
Features
Supported
in
EPICenter
Notes
IP Access Group
Yes
Supported using QoS profile “blackhole”
Priority Queuing
Yes
Supported using QoS profile priority field. Only supports four
priorities rather than eight as in Extreme.
Custom Queuing
Yes
Supported using QoS profile minimum bandwidth. Minimum
bandwidth setting is simulated.
Extended IP Access-List
Yes
EPICenter can use access-list 100 through 199.
Cisco IOS 11.2+ Features
IP QoS
EPICenter Policy Issues and Limitations
• The EPICenter policy server does not issue rules with duplicated traffic description. If the user
creates a rule through the ExtremeWare CLI that contains the same traffic description as an
EPICenter policy rule, the EPICenter policy rule is not configured to that device until the user
removes the manually created rule.
• If the user deletes an EPICenter policy rule through the ExtremeWare CLI, the rule is added back by
the policy server during the next EPICenter policy configuration.
• The EPICenter policy server can only detect rules that contain “duplicated” traffic descriptions
(traffic flows). When duplicates occur, only one of the duplicated rules will be used. The rule to be
used is based on the precedence of the policies.
• The policy server does not detect IP rules that “overlap” in the general case. Two rules may overlap
when their traffic classifications describe the same set of traffic even if the traffic descriptions are not
identical. The user must decide which rule to use when a general “overlap” occurs by setting the
policy precedence appropriately. When a packet matches multiple overlapping rules, the rule for the
policy with the highest precedence is used.
• EPICenter policy precedence is implemented by assigning precedence numbers to IP access-lists that
are configured to the devices. These precedence numbers may be different on different devices
depending on how many policies are active on a given device. The actual IP access-list precedence
number is not as important because it is the relative ordering between the precedence numbers from
the access-list that matters.
• For ExtremeWare 5.x-6.1.x, the EPICenter policy server does not attempt to enforce the IP policy
precedence because the policy server cannot set precedence numbers via SNMP. On these versions of
ExtremeWare, the rule precedence is controlled by the device, based on “most specific match wins.”
It is highly recommended that users upgrade to ExtremeWare 6.2 to take full advantages of the
EPICenter policy server features.
• A “Deny” ACL rule is displayed as an ACL using the “blackhole” QoS profile.
• The EPICenter Policy server does not modify IP and source port rules created via the CLI.
EPICenter Software Installation and User Guide
531
EPICenter Policy System Feature Comparison
• An IP or source port rule created by the EPICenter policy server is identified by its owner string
“EPICenter.”
• Any access-list using TCP Permit-Established is displayed in the EPICenter policy server as protocol
“Deny TCP Sync” and QoS profile “blackhole.”
• VLAN policy does not support the “blackhole” QoS profile.
• There is no owner string for VLAN QoS. As a result, the EPICenter policy server can modify VLAN
QoS that was created via the ExtremeWare CLI.
• A VLAN must have a QoS profile. As a result, when a VLAN policy is deleted, the VLAN QoS
settings for the VLANs affected by that policy are not deleted. If the user wants these VLANs to
revert back to some default QoS setting when the policy is removed, it is recommended that the user
creates a separate “default VLAN” policy that assigns the desired QoS setting to these VLANs.
• For a Cisco device, the EPICenter policy server enforces policy precedence by using a combination of
“deny” and “permit” traffic specification. No explicit precedence number is used. However, inside
the policy ACL viewer, an equivalent precedence number is displayed for Cisco devices. It is the
relative ordering between the rules that is important, not the precedence number itself.
• If Cisco device is synchronized, its equivalent precedence number is lost until the next policy
configuration. This can happen in the following cases:
— The user removes the Cisco device from the EPICenter inventory, then adds it back to the
EPICenter database.
— The user uses the “Sync” button to explicitly synchronize the device.
• Policy components (resources) inherit different properties when used as traffic endpoints than when
they are used in a scope definition:
— As an endpoint, a user resource inherits any physical port and IP information from all host
resources that the user resource is related to. In the EPICenter policy server, this is treated as
“user using host(s).” However, a host resource does not inherit from any user resources.
— As an endpoint, a group resource inherits any physical port, VLAN, and IP information from all
resources that are contained within the group, and all their descendents.
— As an endpoint, a non-group resource does not inherit any physical port, VLAN, and IP
information from any groups of which it is a descendant (i.e. from any parent groups).
— As a scope, a group resource encompasses all descendent resources of the group. Defining a
policy on a group is equivalent to defining the policy on all descendents of that group.
532
EPICenter Software Installation and User Guide
Index
Numerics
1d mode, STP
802.1Q tag
802.1x
341
321, 331
119
A
About EPICenter page
Access Domain of a policy
access levels
Access List
Access List display
access list policies
viewing
Access List summary view
Ack button
ACL Viewer
Actions tab
activation key
Active Ports (ESRP)
Add All button
in Add Relationship to Group
in Add Resources
Add Attribute to Resource button
Add button
in Add Attribute to Resource
in Add Relationship to Group
in Add Resource
in Alarm Category
in Alarm Definition
in Discovery
in Grouping Manager
in Grouping Manager search
in Inventory Manager
in IP/MAC Address Finder
in Threshold Configuration
in VLAN Manager
Add Links to VLAN menu selection
Add/Modify Condition button
adding
alarm category
alarm definition
CPU Utilization rule
devices
map background images
nodes to a map
protocol filters
EPICenter Software Installation and User Guide
79
30
26, 355
30
439
33
437
437
124
409, 437
134
50, 53, 59
354
218
215
212
220
218
215
138
130
97
214, 217
223
90, 100
237
142
330
315
125, 128
138
130
142
100
313
297
339
relationships to resource
resource as child
RMON rule
user accounts
VLANs
address range
in Discovery
in IP/MAC Address Finder
Admin button
Admin port
Administration page
Administrator
adding users
changing password
default password
deleting a user account
distributed server configuration
ExtremeWare access
modifying users
server properties configuration
Administrator access
EPICenter
ExtremeWare
alarm actions
E-mail
execute script
forward trap
run program
short email
sound alert
Alarm Browser
from Configuration Manager
from ExtremeView applet
from Inventory Manager
from Real-Time Statistics applet
from STP Monitor
from Telnet applet
from topology map
from VLAN Manager
Alarm button
Alarm Definition tab
alarm events
Extreme proprietary traps
from EPICenter
RMON falling threshold
RMON rising threshold
216
213
142
358
330
95
237
81
54, 59
357
358
358
357
360
371
356
358
363
26, 356
356
134
135
136
135
135
135
134
122
161
257
93
279
348
200
318
328
80, 122
129
121
121, 131
131
131
533
Index
SNMP traps
Syslog messages
Alarm Log Browser
Alarm Log Detail View
Alarm Log history
Alarm Log report
Alarm System
AlarmMgr utility
alarms
acknowledging
actions
Basic parameters
categories
configuring EPICenter as Syslog receiver
CPU utilization rule display
CPU utilization threshold configuration
creating a filter
Default category
defining
defining scope
definition examples
deleting
detail view
E-mail alarm action
EPICenter event type
Event Type definition
execute script action
falling threshold configuration
falling threshold for CPU utilization rules
falling threshold, predefined RMON rules
filtering
forward trap action
history
Port Utilization rule
predefined
predefined RMON event configuration
rising threshold configuration
rising threshold for CPU utilization rules
rising threshold, predefined RMON rules
RMON event types
RMON rule definition
RMON rule display
RMON threshold configuration
run program action
scope
setting up e-mail
short email alarm action
sound alert action
startup condition for CPU utilization
startup condition for RMON alarms
startup condition for threshold alarms
Sync in Threshold Configuration
Syslog messages
Temperature threshold rule
threshold rule target configuration
Topology Change rule
unacknowledging
variables
writing Tcl scripts for alarm actions
All Device Groups page
All ESRPs view
application as policy component
Apply button
architecture of EPICenter software
534
121, 131
131
123
126
154
386
23
27, 479
125,
141,
121,
141, 142,
124
134
130
138
153
141
140
127
138
129
133
136
124
126
135
131
131
136
144
146
148
126
135
154
148
129
148
144
146
148
131
143
141
140
135
132
136
135
134
146
144
141
151
131
148
149
148
124
132
155
89
352
39
86
28
Archive button (Configuration Manager)
archiving configuration settings
Attribute Name field
Attribute Type field
attributes of resources
DLCS ID type
generic type
IP/subnet type
Netlogin ID type
Attributes tab
Auto button
auto configuration
Auto populate view
placement algorithm
165, 167
165
221
221
207, 210
219, 221
212, 219, 221
212, 219, 221
212
220
410, 433
43, 433
293, 305
294
B
background image in Topology
background map image
Basic alarm parameters
browser
requirements for reports
requirements for use as client
buttons
Ack
Add (Add Attribute)
Add (Add Resources)
Add (Alarm Category)
Add (Alarm Definition)
Add (Discovery)
Add (Grouping Manager search)
Add (Grouping Manager)
Add (Inventory Manager)
Add (IP/MAC Address Finder)
Add (Relationship to Group)
Add (Threshold Configuration)
Add (VLAN Manager)
Add All (Add Resources)
Add All (Relationship to Group)
Add Attribute to Resource
Add/Modify Condition
Admin
Alarm
Apply
Archive (Configuration Manager)
Auto
By Switch
By VLAN
Cfg All
Cisco Policy Setup
Clone (IP/MAC Address Finder)
Close
Config
Config (Configuration Manager)
Connect Device
Create new device
Create new map
Cut nodes from map
Default (Inventory Manager)
Delete
Delete (Alarm Category)
Delete (Alarm Definition)
Delete (Alarm System)
Delete (Inventory Manager)
Delete (IP/MAC Address Finder)
312
312
130
214,
90,
125,
80,
165,
410,
410,
235,
81, 410,
410,
90,
235,
49
49
85
124
220
215
138
130
97
223
217
100
237
218
142
330
215
218
212
128
81
122
86
167
433
323
323
434
451
240
86
434
157
336
297
296
302
90
429
139
138
124
110
240
EPICenter Software Installation and User Guide
Index
Delete (Threshold Configuration)
Delete (VLAN Manager)
Delete alarms with specified conditions
Destroy
Detail
Discover (Device Discovery dialog)
Discover (Inventory Manager)
Download (Configuration Manager)
ESRP
EView
Export (IP/MAC Address Finder)
Export Local (IP/MAC Address Finder)
Export Local (IP/MAC Finder)
Filter
Find (Grouping Manager)
Find (IP/MAC Address Finder)
Find (Telnet)
Find (Topology)
Find IP/MAC
Groups
Help
Home
Import
Increment (Configuration Manager)
Inventory
Layout
Logoff
Mark
Modify (Alarm Category)
Modify (Alarm Definition)
Modify (in VLAN Manager)
Modify (Inventory Manager)
Modify (Threshold Configuration)
New
New (Discovery)
New (Grouping Manager)
Order
Paste nodes into map
Play (Telnet)
Policies
Policy
Print Map
Profile
Protocol Filters
Query
Remove (Add Attribute)
Remove (Add Resources)
Remove (Discovery)
Remove (Grouping Manager)
Remove (IP/MAC Address Finder)
Remove (Relationship from Group)
Remove All (Add Resources)
Remove All (IP/MAC Address Finder)
Remove All (Relationships from Group)
Remove Attribute from Resource button
Remove Condition(s)
Repeat
Reports
ReRun (IP/MAC Address Finder)
Reset
Reset (Grouping Manager search)
RT Stats
Save
216, 218, 219,
ServiceWatch
EPICenter Software Installation and User Guide
210,
81,
86,
221,
151
333
124
210, 213
126
96
90
168
81, 351
81, 243
235, 240
240
235
127
215, 221
236
201
311
81, 233
81, 207
410
80, 374
210, 226
169
80, 89
305
81
315
139
138
335
90, 105
150
410, 416
96
210
410, 430
302
194
411
409, 437
310
410, 431
339
224
221
215
96
216, 219
237
218
215
237
218
212
125, 128
194
81
235, 240
410, 429
224
81, 269
410, 429
81
Settings... (Alarm Definition)
Stop (Telnet)
STP
Submit (IP/MAC Address Finder)
Sync (Inventory Manager)
Sync (Threshold Configuration)
Telnet
TFTP (Configuration Manager)
Topology
Unack
Upgrade (Configuration Manager)
Upload (Configuration Manager)
Variables... (Alarm Definition)
Versions (Configuration Manager)
VLAN
VLANs (Topology)
WildCard (IP/MAC Address Finder)
Zoom map in
Zoom map out
By Switch button
By VLAN button
90,
81,
81,
173, 177,
136
194
81
238
111
151
191
186
286
124
178
163
135
182
81
313
237
309
309
323
323
C
categories for alarms
Cfg All button
changing password
for Administrator
user
changing policy precedence
children of resource
Children tab
Cisco device support
44,
IOS features
policy setup
Cisco IOS features
Cisco Policy Setup button
client
browser requirements (Windows only)
installing
installing stand-alone application (Solaris)
installing stand-alone application (Windows)
starting for first time
system requirements
client Tcl API
client, installed application
Clone button
Clone button (IP/MAC Address Finder)
Close button
columns
resizing
sorting
Command-line utilities
community string
for discovery
in trap receiver setup
Compare policy and configured rules
440,
Component Tree
device status indicator
displaying subcomponents
icons
resizing
composite link (topology)
Compress Map menu selection
138
410, 434
358
360
430
210
214
451, 531
531
451
531
451
49
62
64
63
357
49
44
72
235
240
86
84
85
27
96
154
444, 447
82
84
82
83
84
290, 292
308
535
Index
Compression Algorithm
G.711
401
G.723.1
401
G.729
401
Other
401
Config button
81, 157, 410, 434
configuration files
archiving
165
download incremental
169
downloading
168
Configuration Management Log report
388
Configuration Manager
23, 157
Alarm browser command
161
Archive button
165, 167
Archive command
160
archiving configuration files
165
Browse command (ExtremeWare Vista)
161
Device statistics command
162
Download button
168
Download command
160
download image to device
173, 177
download image to slot
178
download incremental configuration
169
download saved configuration
168
EView command
161
Increment button
169
Increment command
160
Properties command
163
right-click pop-up menu
159
scheduled device upload
165
software version specification
182
Telnet command
162
TFTP button
186
Upgrade button
173, 177, 178
Upgrade command
160
Upload button
163
Upload command
159
uploading device configuration
163
Versions button
182
VLANs command
162
configured rules display
IP QoS
442
Source Port QoS
448
configuring policy precedence
430
configuring QoS policies
433
Connect Device button
336
Connect Edge Port to VLAN menu selection
317
conventions
notice icons, About This Guide
18
text, About This Guide
18
copy (Telnet)
193, 197
CPU Utilization
alarm event generation
147
event configuration rules
140
falling threshold configuration
146
Rising Threshold configuration
142
rising threshold configuration
146
rule definition
146
rule display
141
rule target configuration
149
Sample Type
146
Startup Alarm
146
Create new device button
297
Create new map button
296
536
creating
alarm definitions
alarm threshold event rules
device groups
incremental configuration file
new device node (Topology)
new topology map
new topology view
resources
search task (IP/MAC Address Finder)
VLANs
creating a policy
creating groups
Custom applications
custom applications
Cut Map Nodes menu selection
Cut nodes from map button
cutting map nodes
129
142
102
170
297
296
293
211
236
330
416
42
206
206
302
302
302
D
database backup utility
database TCP port
database validation utility
dbbackup utility
dbvalid utility
decorative node
Default alarm category
Default button (Inventory Manager)
Default device group
Deflate Nodes menu selection
Delete alarms with specified conditions button
Delete button
in Alarm Category
in Alarm Definition
in Alarm System
in Inventory Manager
in IP/MAC Address Finder
in Threshold Configuration
in VLAN Manager
Delete Map menu selection
Delete Map Nodes menu selection
Delete View menu selection
deleting
a user account
alarm category
alarm definition
alarm threshold rule
alarms
device groups
map elements
map links
map view
protocol filters
submaps
VLANs
deleting a policy
Destroy button
Detail button
Detailed ESRP Information view
Detailed Task View (IP/MAC Address Finder)
DevCLI utility
device
download incremental configuration
download saved configuration
519
53, 59
518
519
518
289
138
90
89
309
124
410, 429
139
138
124
90, 110
235, 240
151
333
301
303
301
360
139
138
151
124
110
303
303
301
339
301
333
430
210, 213
126
354
238
27
169
168
EPICenter Software Installation and User Guide
Index
in Grouping Manager
modifying information
scheduled configuration global
scheduled configuration upload
uploading configuration from
Device Alarms... menu selection
Device Browse... menu selection
Device Discovery set up window
device groups
creating
default
deleting
modifying
device groups as policy components
Device Inventory report
device node
Device profile settings display
device properties
Device Properties menu selection
Device Statistics menu selection
device status
ExtremeView
Inventory Manager display
obtaining
SmartTraps
SNMP
Device Status report
Device tab
Device Telnet menu selection
Device View menu item
Device VLANs menu selection
devices as policy component
dialog boxes
drop-down menu fields
list box fields
page tabs
selecting multiple items in a list
text fields
directed configuration
Discover button
in Inventory Manager
Discover button (Device Discovery dialog)
Discovery
Add button
address range
community string
Enable SNMP V3 Discovery
subnet mask
Discovery Results window
display mode, real-time statistics
distributed server administration
configuring server group manager
configuring server group member
distributed server mode
Distributed Server summary report
DLCS
enabling on switch
limitations
Policy Manager requirements
properties
domains, STP
download
ExtremeWare software image, device
ExtremeWare software image, slot
EPICenter Software Installation and User Guide
205
105
167
165
163
318
319
95
88, 206
102
89
110
107
39
379
287
449
117
320
319
244
90
88
88
88
382
118
319
319
320
39
85
86
86
85
86
85
433
90
96
23, 88, 95
97
95
96
96
96
96
273
371
372
371
26
78
40, 523
524
524
523
524
341
173, 177
178
incremental configuration
saved device configuration
Download button (Configuration Manager)
drop-down menu fields
Dynamic Link Context System
169
168
168
86
40, 523
E
Edit Policy Endpoints window
election algorithm (ESRP)
E-mail
alarm action
alarm action (short e-mail)
setting up for alarms
EMISTP mode
endpoints
for IP policy
for source port policy
for VLAN policy
EPICenter
architecture
client installation
components
configuring server as trap receiver
feature summary
logging in
navigating applications
server components
EPICenter Telnet
from ExtremeView applet
from Inventory Manager
from Real-Time Statistics applet
from STP Monitor
from topology map
from VLAN Manager
ESRP
active ports
All ESRPs view
detailed information view
election algorithm
Hello timer
Master switch
priority
state
ToMaster
ToSlave
TrackedActivePorts
TrackedIPRoutes
TrackedPings
ESRP button
ESRP Manager
evaluation copy
license
updating to full license
event configuration
CPU utilization rule display
CPU utilization rules
other SNMP traps
RMON rule example
RMON rules
rule target
Event Log history
Event Log report
EView button
Execute script alarm action
418
352
135
135
136
341
417
418
418
28
62
27
153
22
76
80
47, 69
24
258
94
280
349
319
329
354
352
354
352
353
352
354
354
354
354
354
354
354
81, 351
25, 351
50
55
140
141
140
152
150
140
149
154
387
81, 243
136
537
Index
Expand Map menu selection
Export button
Export Local button
external access protocol
command protocol layer
encoding layer
server commands
tags
Tcl API
Tcl functions
transport layer
Extreme switch
obtaining device status information
support in EPICenter
updating status
ExtremeView
from Configuration Manager
from Inventory Manager
from Real-Time Statistics applet
from STP Monitor
from Telnet applet
from topology map
from VLAN Manager
switch configuration information
switch statistics
switch status
ExtremeWare features
version 4.x
version 5.x
version 6.0
version 6.1
version 6.2
ExtremeWare requirements
for IP/MAC Address Finder
ExtremeWare software image
downloading to device
downloading to slot
specifying current version
ExtremeWare Vista
from Configuration Manager
from ExtremeView applet
from Inventory Manager
from Real-Time Statistics applet
from STP Monitor
from Telnet applet
from topology map
from VLAN Manager
308
235, 240
235, 240
44, 493
495
494
496
494
498
499
493
88
29
111
24, 243
161
94
280
348
200
319
329
248
253
244
530
529
528
528
527
538
201
311
81, 233
310
27, 481
307
135
G
Get Java PlugIn link,
global scheduled configuration
Grouping Manager
predefined groups
Source Name field
groups
creating with Grouping Manager
definition of
in policy definitions
predefined
groups as policy components
Groups button
75
167
23, 42, 205
206
226
42
205
42
206
39
81, 207
H
heartbeat check
Hello Timer (ESRP)
Help button
Home button
host groups
hosts as policy components
HTTP port
hyper node
caveats
28
353
410
80, 374
206
39
54, 59, 63, 65
288
298
234
173, 177
178
182
161
257
94
280
348
200
319
328
F
falling threshold
CPU utilization
for predefined RMON events
RMON events
file import
in Grouping Manager
Filter button
filtering
in reports
resources
filtering alarms
Find Address Tasks List window
Find button
in Grouping Manager
in IP/MAC Address Finder
in Telnet applet
in Topology
Find IP/MAC button
Find Map Node... menu selection
FindAddr utility
Fit Map in Window menu selection
Forward trap alarm action
146
148
144
226
127
376
210, 214
126
234
I
Import button
import sources
importing resources
from file
from LDAP directory
from NIS
from NT Domain controller
ImportResources utility
Increment button (Configuration Manager)
incremental configuration file
individual errors graph
Inflate Nodes menu selection
installing the client
installing the server
as a service (Windows)
under Solaris
under Windows
instlic utility
under Solaris
under Windows
Interface report
Inventory button
Inventory Export script
Inventory Manager
adding devices
Discovery
Inventory Manager page
210, 226
207
225
226
226, 227
226, 232
226, 232
490
169
170
268
309
62
54
56
52
61
55
383
80, 89
27
23
100
95
89
210, 215, 221
236
EPICenter Software Installation and User Guide
Index
IP address
finding with IP/MAC Address Finder
modifying for a VLAN
IP address as policy components
IP forwarding
disabling
enabling
IP forwarding tab
IP/MAC Address Finder
Add button
creating a search task
Delete button
ExtremeWare requirements
Remove All button
Remove button
search results
Submit button
Target Domains list
tasks list
Tasks List Summary
WildCard button
IP-based policy
233
336
40
336
336
332
24
237
236
235
234
237
237
239
238
237
235
234
237
33
L
L2 cloud node
caveats
L4 port
L4 port range field
specifying for client
specifying for user
Launch EPICenter link
Layout button
Layout Map In Window menu selection
Layout Map menu selection
LDAP directory, importing from
license key
activation key
adding or updating
licensing
obtaining a permanent license
obtaining an evaluation license
upgrading (adding modules)
upgrading (evaluation to permanent)
link (topology)
composite link
deleting
links, marking in Topology applet
list box fields
logging in
Login page
Logoff button
288
298
420
421
421
421
75
305
306
305
226, 227
52, 58
50
55, 61
50
50
50
51
50
289
290, 292
303
315
86
76
76, 357
81
M
macro status
macros (Telnet)
record/play
Start Record command
Stop Record command
variables
Manager access
EPICenter Software Installation and User Guide
194
192
198
198
194
26, 355
Map
auto populate
creating
deleting submap
Expand Map
fit Map in Window
Layout Map In Window
renaming
map element description panel
map elements
composite link
decorative node
device node
hyper node
L2 cloud node
link
submap node
text node
map hierarchy tree
map nodes
adding
cutting
deleting
laying out
map properties
background image
link text color
map name
node gradient background
node text color
RMON statistics
Map Properties... menu selection
Map, topology
Mark button
Mark Links Mode menu selection
Master switch
Max Bandwidth
Policy QoS
VoIP
MIB variables
in RMON rules
in RMON threshold configuration
Min Bandwidth
Policy QoS
VoIP
Minimum Bandwidth Calculations
Modify button
in Alarm Category
in Alarm Definition
in Inventory Manager
in Threshold Configuration
in VLAN Manager
modifying
alarm category
alarm definition
alarm theshold rule
device groups
device information
IP address for VLAN
map properties
policy precedence
Qos profiles
user accounts
VLANs
293, 294, 305
296
301
308
307
306
301
287, 291
290
289
287
288
288
289
287
289
287
297
302
303
305
311
312
312
312
312
312
313
311
287
315
315
352
432
396
143
143
432
396
402
139
138
90, 105
150
335
139
138
150
107
105
336
311
430
431
358
334
539
Index
Monitor access
26, 355
N
navigating EPICenter applications
Navigation Toolbar
Network Login/802.1x tab
Network Login/802.x1 display
network resource specification
Network Resources list
policy definition page
Network Status Summary report
New button
in Discovery
in Grouping Manager
New Decorative Map Node menu selection
New Device Map Node menu selection
New Map Link menu selection
New Map menu selection
New Text Map Node menu selection
New View menu selection
NIS, importing from
NT Domain Controller, importing from
77,
410,
226,
226,
80
80
119
450
414
413
413
374
416
96
210
298
297
298
296
298
293
232
232
O
Order button
410, 430
P
page tabs
passwords
changing for Administrator
default
users changing
paste (Telnet)
Paste Map Nodes menu selection
Paste nodes into map button
Play button
Policies button
Policies View
Policy Access Domain
policy access domain
specifying
Policy Access Domain Resource list
Policy button
policy components
applications
device groups
devices
groups
hosts
IP address
policy named components
policy primitive components
ports
QoS profiles
subnets
users
VLANs
policy configuration
auto configuration
comparing policies with configured rules
directed configuration
status
Policy definition
540
85
358
357
360
193, 197
302
302
194
411
409, 411
41
422
422
81, 409, 437
30
39
39
39
39
39
40
38
38
40
40
40
40
40
433
440, 444, 447
434
433
30
policy definition page
network resource
policy scope
policy type buttons
traffic definition
traffic direction
Users list
policy description
policy name
policy precedence
changing
configuring
policy rule comparison display
IP QoS
Source Port QoS
VLAN QoS
policy rules display
IP QoS
Source Port QoS
VLAN QoS
policy scope
specifying
Policy Scope Resource list
policy traffic
policy traffic definition
policy traffic page
policy type
Access Based Security QoS
IP QoS
source port QoS
VLAN QoS
policy type buttons
polling
Port Configuration utility
Port exception QoS Profiles display
port groups
creating
ports
changing configuration
correcting conflicts
in Grouping Manager
port types in VLAN Manager
removing from VLAN
STPD membership
ports as policy components
predefined alarms
predefined groups
Print Map button
Print Map menu selection
Printing
Priority (ESRP)
Priority field
Profile button
Properties
from STP Monitor
from Telnet applet
from VLAN Manager
protocol filters
adding
changing in VLAN
deleting
Protocol Filters button
PVST+ mode
412, 416
414
414
413
413
413
413
30
30
43
430
430
441
447
444
442
448
445
30, 41, 414
422
422
30, 35
413
414
30, 417
31
31
31
31
413
88
477
449
206
211
477
477
205
327
331, 335, 338
341
40
121, 129
206
310
310
86
354
432
410, 431
350
199
330
331
339
335
339
339
341
EPICenter Software Installation and User Guide
Index
Q
QoS profile
as policy components
default QoS profiles
devices for configuration
Max Bandwidth
Max Bandwidth for VoIP
Min Bandwidth
Min Bandwidth for VoIP
modifying
ports for configuration
Priority field
Priority in VoIP
viewing
VoIP setting
QoS Profile display
QoS Profile tab
QoS Settings
Auto Configure
Default configurations
Manually Configure
QoS Settings for VLAN
Compression Algorithm
Egress Port Selection
Max # of phones
Overview
Priority
Profile
Query button
40
431
432
432
396
432
396
431
432
432
396
431
396
449
432, 451
405
404
405
401
402
401
400
401
401
224
R
RADIUS
client configuration
configuring shared secret
disabling
enabling server
enabling server response messages
server
server administration
server port configuration
RADIUS Administration tab
Real-Time Statistics
24,
from Configuration Manager
from ExtremeView applet
from Inventory Manager
from STP Monitor
from Telnet applet
from topology map
from VLAN Manager
graph preferences
273,
individual errors graph
total errors graph
utilization graph
related publications, About This Guide
Relationship tab
relationships of resources
207,
Relationships tab
Release Notes
Remote Authentication Dial In User Service (RADIUS)
Remove All button
in Add Relationship to Group
in IP/MAC Address Finder
Remove Attribute from Resource button
EPICenter Software Installation and User Guide
363
362
363
362
363
356
361
363
362
267
162
258
94
349
200
319
329
274
268
268
268
19
218
210
217
17
26
215
218
237
212
Remove button
in Add Attribute to Resource
in Add Relationship to Group
in Discovery
in Grouping Manager
in IP/MAC Address Finder
remove children from a group
remove resource from results list
Remove Condition(s) button
removing a child resource
Rename Map menu selection
Rename View menu selection
view (topology)
renaming
Repeat button
Repeat Delay field
Repeating check box
reports
Alarm Log report
browser requirements for
Configuration Management Log report
creating user-defined
Device Inventory report
Device Status report
Distributed Server summary
Event Log report
exporting
filtering
Interface report
Network Status Summary
Network Status Summary report
printing
Resource to Attribute Mapping report
Server State Summary report
Slot Inventory report
System Log report
User to Host Mapping report
viewing from stand-alone client
VLAN Summary report
Reports button
ReRun button
Reset button
in Grouping Manager search
resetting a policy
resizing
columns in status display
Component Tree
resource
adding as child
adding relationships
attributes
children
Children tab
definition of
deleting
filtering
relationships
Relationships tab
removing as a child
resource details display
Resource Results list
searching for
Select Resource to be Added panel
Resource Results list
221
218
96
219
237
216
215
125, 128
216
301
301
194
194
194
26
386
49
388
389
379
382
78
387
389
376
383
77
374
389
384
378
381
387
385
74
382
81
235, 240
86, 410, 429
224
429
84
84
213
216
207, 210
210
214
205
213
210
207, 210
217
216
209
215
221
214
215
541
Index
Resource to Attribute Mapping report
resources
creating in Grouping Manager
description
DLCS ID attribute type
filtering
generic attribute type
importing
IP/subnet attribute type
name
Netlogin ID attribute type
source
type
unique name
resynchronize (RMON)
rising threshold
CPU utilization
for predefined RMON events
RMON events
RMON
alarm event generation
configuration
event configuration rules
Falling Threshold configuration
falling threshold, predefined events
MIB variables for rules
Port Utilization predefined rule
predefined rule definition
resynchronize
Rising Threshold configuration
rising threshold for predefined events
rule definition
rule display
rule target configuration
Sample Type
Sample Type (predefined rule)
Startup Alarm
Startup Alarm for predefined rule
Temperature predefined rule
Topology change predefined rule
traps
utilization on map links
RMON Statistics (Topology)
RT Stats button
rule
CPU utilization threshold configuration
display, CPU utilization
display, RMON
predefined RMON event configuration
RMON configuration example
RMON threshold configuration
threshold target configuration
Run program alarm action
runclient command
in Windows
runserv command
in Solaris
in Windows
384
211
209, 212
219, 221
214
212, 219, 221
225
212, 219, 221
209, 211
212
209
209, 211
209
152
146
148
144
141,
141,
121,
81,
145
140
140
144
148
143
148
148
152
144
148
143
141
149
144
148
144
148
148
148
123
313
313
269
146
141
141
148
150
143
149
135
72
71
70
S
Sample Type
Absolute (for CPU Utilization
Absolute (predefined RMON)
Absolute (RMON)
542
146
148
144
Delta (for CPU Utilization)
146
Delta (RMON)
144
Save button
216, 218, 219, 221, 410, 429
scheduled configuration upload
165
scheduled configuration, global
167
scope for alarms
132
Scope tab
132
search results
Discovery
96
Grouping Manager query
224
IP/MAC Address Finder
239
search task (IP/MAC Address Finder)
236
Searching for a resource
221
Select All Map Nodes menu selection
304
Select Resources to be Added panel
214, 217
Server Hostname field
73
server installation
under Solaris
56
under Windows
52
server properties
356
administration of
363
Automatically Save Configuration
366
Client Port
369
Default Map RMON Statistics
368
Device HTTP Port
365
Device SSH Port
370
Device Telnet Port
365
Device Tree UI
370
Devices properties
365
DHCP Temporary Lease
370
DNS Lookup Timeout Period
369
Edge Port Maximum Table Size Setting
368
Edge Port Poll Interval
368
Enable Edge Port Polling
368
Enable RMON Display
368
Enable SCP2
370
Enable Syslog Server
365
EPICenter Trap Receiver Port
368
HTTP Proxy Device
369
HTTP Proxy Port
369
IP QoS Rule Precedence
369
Load Information from http
//www.extremenetworks.com
369
Maximum Number of SNMP Sessions
367
Number of Retries
368
Other properties
369
Poll Devices Using Telnet
366
Poll Edge Ports Fast
368
Poll Interval
367
Save Changed Configurations
366
Save Switch Password for Vista Login
366
Scalability properties
366
SCP2 Command Line
370
ServiceWatch URL
369
Session Timeout Period
369
setting
363
SHH2 Command Line
370
SNMP properties
367
SysLog Message Min Severity
366
Syslog Message per Device
367
Syslog Message per Minute
367
Telnet Login Timeout Period
365
Telnet Screen Width
370
Thread Default Alloc Size
367
EPICenter Software Installation and User Guide
Index
Thread Pool Size
Timeout Period
Topology properties
Traps per device
Traps per Minute
Update Type Library on Server
Upload/Download Timeout Period
Use EPICenter Login for Telnet
Server Properties tab
server service
Server State Summary report
ServiceWatch button
setting
graph preferences (RT Stats)
map properties
server properties
Settings... button (Alarms)
Slot Inventory report
SmartTraps
SNMP
alarm event type
configuring trap events
default trap port number
total traps rate limit
traps
traps per device rate limit
SNMPCLI utility
software architecture
software components
software licensing
Solaris
server installation
starting the server
stopping the server
uninstalling the server
uninstalling the stand-alone client
sorting columns
sound alert alarm action
Source Name field
source of resource
source port policy
Source Port QoS display
Spanning Tree domains
Specify client L4 port checkbox
Specify user L4 port checkbox
SSH2 (Inventory Manager)
Stand-alone Utilities
Start Record (Telnet)
starting the client
browser-based (Windows only)
under Windows
starting the server
under Solaris
under Windows
Startup Alarm
for CPU Utilization
for predefined RMON rule
RMON
State (ESRP)
statistics
display mode, real-time
graph preferences (RT Stats)
in Extremeview
individual port real-time
EPICenter Software Installation and User Guide
367
368
368
367
367
370
365
366
363
420
378
81
274
311
356, 363
136
381
28, 88
88
131
152
153
367
121, 123
367
27
28
27
50
56
71
71
67
68
85
134
226
209
36
445
341
421
421
106, 112
27
198
74
72
71
69
146
148
144
354
273
274
253
271
multi-port real-time
real-time
Status icon
Status/Detail Information panel
Stop button
Stop Record (Telnet)
stopping the server
under Solaris
under Windows
stopserv command
STP
1D mode
default domain
EMISTP mode
PVST+ mode
STP button
STP domains
STP Monitor
Alarm browser menu item
Browse menu item (ExtremeWare Vista)
Device menu
Device statistics menu item
displaying device configuration information
displaying port configuration information
displaying STP domain information
displaying VLAN configuration information
EView menu item
Properties menu item
STP Properties menu
Telnet menu item
VLAN Properties window
VLANs menu item
STP tab
STPD See Spanning Tree domains
submap node
Submit button
subnet mask
subnets as policy components
switch configuration information (EView)
switch polling
switch statistics (ExtremeView)
switch status (ExtremeView)
Sync button
88,
in Inventory Manager
in Threshold Configuration
Syslog
alarm event type
configuring EPICenter as Syslog receiver
enabling EPICenter Syslog server
history
message storage
messages in alarms
setting minimum severity for message acceptance
Syslog Messages tab
total messages rate limit
Syslog Messages tab
System Log report
269
267
410
83
194
198
71
70
71
341
341
341
341
81
341
26
348
348
348
349
344
346
342
344
348
350
347
349
348
349
119
287
238
96
40
248
88
253
244
111
90
151
131
153
365
120
120
131
366
120
367
120
387
T
tagged ports
Target Domains list
Target tab
Tasks List Summary window
331
237
149
234
543
Index
Tcl
writing scripts for alarm actions
Tcl client API
Tcl exported functions
Telnet applet
Alarms browser menu item
copy
Device statistics menu item
EPICenter Telnet
EView menu item
ExtremeWare Vista menu item
Find button
from Configuration Manager
from ExtremeView applet
from Inventory Manager
from Real-Time Statistics
from STP Monitor
from topology map
macro status
macro variables
macros
paste
Properties menu item
Repeat Delay
Repeating check box
right-click pop-up menu
third-party devices
VLANs menu item
Telnet button
Telnet Connections list
terminology, About This Guide
text fields
text node
TFTP button (Configuration Manager)
TFTP server
enabling/disabling
setting root directory path
third-party device support
Telnet applet
Threshold Configuration page
Threshold Configuration tab
ToMaster (ESRP)
topology
background image
By device display
By VLAN display
composite link
decorative node
device node
displaying VLAN information
Expand Map
Find Map Node window
Fit Map in Window
hyper node
L2 cloud node
Layout Map In Window
link
map
map background color
map element description panel
map hierarchy tree
map properties
node background color
renaming a view
544
24,
193,
193,
81,
155
498
499
191
200
197
200
191
200
200
201
162
258
94
280
349
319
194
194
192
197
199
194
194
199
199
201
191
192
17
85
289
186
186
186
29
199
140
140
354
312
313
313
290, 292
289
287
313
308
311
307
288
288
306
289
287
312
287, 291
287
311
312
294
setting view properties
submap node
text node
view
VLANs button
Topology button
Topology views
ToSlave (ESRP)
total errors graph
TrackedActivePorts (ESRP)
TrackedIPRoutes (ESRP)
TrackedPings (ESRP)
traffic direction
traffic patterns, access lists
TransferMgr utility
traps
default trap port number
Extreme proprietary
RMON
setting EPICenter to receive
SNMP
total traps rate limit
traps per device rate limit
81,
25,
413,
27,
304
287
289
286
313
286
285
354
268
354
354
354
420
439
484
153
121
121, 123
153
121, 123
367
367
U
Unack button
Undo Map Edit menu selection
uninstalling the server
under Solaris
under Windows
uninstalling the stand-alone client
under Solaris
under Windows
unique name of resource
untagged ports
Unzoom Map menu selection
updating switch information
Upgrade button (Configuration Manager)
upgrading
from a previous release
license (adding optional modules)
license (evaluation to permanent)
upload
device configuration
scheduled
Upload button (Configuration Manager)
user
EPICenter access
ExtremeWare access
User Administration page
user groups
User to Host Mapping report
user-defined reports
users as policy components
Users list
users, adding
users, modifying
utilities
database backup
database validation
utilization graph
124
310
67
66
68
67
209
331
310
111
173, 177, 178
51
51
50
163
165
163
356
356
357
206
385
389
40
413
358
358
519
518
268
EPICenter Software Installation and User Guide
Index
V
Variables... button (Alarms)
Versions button (Configuration Manager)
view (topology)
creating
renaming
setting properties
View configured rules menu item
View Documentation link
View policy rules menu item
View Properties
View Reports link
viewing
access list policies
Network Login/802.1x
policies summary
policy definition
policy precedence
port exception QoS profiles
QoS profiles
viewing by VLAN
Virtual LANs. See VLANs
VLAN
Disabling VoIP on
Enabling VoIP on
VLAN button
VLAN Manager
Add button
Alarm Browser command
By Switch button
By VLAN button
Connect Device button
Delete button
Device statistics command
ExtremeView command
ExtremeWare Vista command
from Configuration Manager
from Inventory Manager
from STP Monitor
from Telnet applet
from topology map
main page
Modify button
Modify VLAN Membership command
Properties command
Protocol Filters button
right-click pop-up menu
Telnet command
VLAN policy
VLAN QoS display
VLAN Summary report
VLAN tab
VlanMgr utility
VLANs
802.1Q tag
adding
adding links
adding protocol filters
adding tagged ports
adding untagged ports
Connect Device
connecting edge port
definition of
deleting
EPICenter Software Installation and User Guide
135
182
286
293
294
304
441, 444, 447
75
441, 444, 447
304
75
437
450
411
412
430
449
431, 449
325
25,
328,
27,
321,
399
399
81
321
330
328
323
323
336
333
329
329
328
162
94
349
201
320
322
335
337
330
339
328
329
37
443
382
119
487
325
331
330
315
339
331
331
336
317
322
333
deleting protocol filters
disabling IP forwarding
displaying
displaying in Topology applet
enabling IP forwarding
finding connections
from ExtremeView applet
from Real-Time Statistics applet
modifying
modifying IP address
modifying VLAN membership
protocol filters
remove a port
removing a port
viewing by switch
viewing member ports
VLANs as policy components
VLANs button
VLANs for VoIP
VoIP
Details report
Disabling on a VLAN
Enabling on a VLAN
Voice VLAN Summary report
VoIP Manager
VoIP Settings
IP Address
Maximum Bandwidth (Max BW)
Minimum Bandwidth (Min BW)
Priority
QoS Profile
Switch
VLAN
339
336
323
313
336
336
258
281
334
336
337
321
331
335, 338
324
326
40
313
397
407
399
399
407
395, 397, 402
396
396
396
396
396
396
396
W
WildCard button
wildcards
in Discovery addresses
in IP/MAC Address Finder
Windows
server installation
starting browser-based client
starting the client
starting the server
stopping the server
uninstalling the server
uninstalling the stand-alone client
237
95
237
52
74
72
69
70
66
67
Z
Zoom
Zoom
Zoom
Zoom
map in button
Map In menu selection
map out button
Map Out menu selection
309
309
309
309
545